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ABSTRACT 


The development of the modern world community is closely related to advances in computing 
resources and cyberspace. The formation and expansion of the range of services is based on the 
achievements of mankind in the field of high technologies. However, the rapid growth of comput- 
ing resources, the emergence of a full-scale quantum computer tightens the requirements for 
security systems not only for information and communication systems, but also for cyber-physical 
systems and technologies. 

The methodological foundations of building security systems for critical infrastructure facili- 
ties based on modeling the processes of behavior of antagonistic agents in security systems are 
discussed in the first chapter. 

The concept of information security in social networks, based on mathematical models of data 
protection, taking into account the influence of specific parameters of the social network, the 
effects on the network are proposed in second chapter. 

The nonlinear relationships of the parameters of the defense system, attacks, social networks, 
as well as the influence of individual characteristics of users and the nature of the relationships 
between them, takes into account. 

In the third section, practical aspects of the methodology for constructing post-quantum 
algorithms for asymmetric McEliece and Niederreiter cryptosystems on algebraic codes (elliptic 
and modified elliptic codes), their mathematical models and practical algorithms are considered. 
Hybrid crypto-code constructions of McEliece and Niederreiter on defective codes are proposed. 
They can significantly reduce the energy costs for implementation, while ensuring the required 
level of cryptographic strength of the system as a whole. The concept of security of corporate 
information and educational systems based on the construction of an adaptive information security 
system is proposed. 


KEYWORDS 


Cybersecurity, modeling of conflict-cooperative interaction, crypto-code constructions, alge- 
braic geometric codes, classifiers of cyber threats. 
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CIRCLE OF READERS AND SCOPE OF APPLICATION 


The authors propose new approaches to the problem of information security in the monograph. 
The new approach is based on the detection of threats to all components of security: cybersecurity, 
information security and security of information, synergy and hybridity of modern threats. 

The first section discusses the main types of models used in modeling the behavior of intelligent 
agents. A distinctive feature is that not only the main classes of models are considered, but also the 
main directions of research of behavioral processes. The joint use of models of different classes to- 
gether with the consideration of different aspects of the behavior of agents in cyberconflict allows to 
obtain a synergistic effect of the proposed modeling methodology. This approach can be considered 
as the closure of many conditions for the manifestation of the synergistic properties of the proposed 
methodology for modeling the conflict-cooperative interaction of the parties to the cyber conflict. 

The second section proposes the concept of information security in social networks, based on 
mathematical models of information security, taking into account the specific parameters of the 
social network, external influences on the network, taking into account the nonlinear relationships 
of the parameters with the protection system and the parameters of the influence of individual 
characteristics of users and the nature of the relations between them. 

The third section considers the practical aspects of the methodology for constructing postquan- 
tum algorithms of asymmetric McEliece and Niederreiter cryptosystems on algebraic codes (ellip- 
tical and modified elliptical codes), their mathematical models and practical algorithms. Hybrid 
crypto-code constructions of McEliece and Niederreiter on unprofitable codes are offered, which 
allow to reduce energy costs for realization considerably, thus the necessary level of cryptostability 
of system as a whole is provided. The concept of security of corporate information and educational 
systems on the basis of construction of adaptive system of information protection is offered. 

The monograph will be useful for researchers and applicants for scientific degrees, and can 
also be used by students during training to raise awareness of information and cybersecurity 
issues of modern information technologies. 
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l INTRODUCTION 


A feature of the present time is the transition from an industrial society to an informational 
one. At the same time, information becomes a more important resource than material or energy 
resources. The rapid growth of computing resources, the emergence of a full-scale quantum 
computer increases the requirements for security systems not only for information and communi- 
cation systems, but also for cyber-physical systems and technologies. 

The main types of models used in modeling the behavior of intelligent agents are discussed 
in Chapter 2. The joint use of models of different classes together with the consideration of va- 
rious aspects of the behavior of agents in conditions of cyber conflict makes it possible to obtain 
a synergistic effect of the proposed modeling methodology. The originality of the approach associa- 
ted with the introduction into consideration of the concept of the contour of business processes 
as an integral object to be protected. Joint consideration of the contour of business processes 
of the organizational and technological system and the contour of business processes of the cy- 
bersecurity system can be considered as another condition for the manifestation of the synergy 
of the processes under consideration. Also worthy of attention is the idea of the spatio-temporal 
structure of the model basis proposed by the authors, which reflects not only the distribution of 
the set of models over the corresponding levels of the proposed methodology, but also sets the 
sequence of their interaction. This approach can be considered as the closure of a set of conditions 
for the manifestation of the synergistic properties of the proposed methodology for modeling 
conflict-cooperative interaction between the parties to a cyber conflict. 

In Chapter 3 the concept of ensuring the protection of information in social networks is 
proposed, based on mathematical models of information protection, taking into account the 
specific parameters of the social network, external influences carried out on the network, taking 
into account the nonlinear relationships of the parameters with the protection system and the 
parameters of the impact of individual characteristics of users and the nature of connections 
between them. 

In Chapter 4, practical aspects of the methodology for constructing post-quantum algo- 
rithms for asymmetric McEliece and Niederreiter cryptosystems on algebraic codes (elliptic 
and modified elliptic codes), their mathematical models and practical algorithms are considered. 
Hybrid crypto-code constructions of McEliece and Niederreiter on defective codes are pro- 
posed. They can significantly reduce the energy costs for implementation, while ensuring the 
required level of cryptographic strength of the system as a whole. The concept of security of 
corporate information and educational systems based on the construction of an adaptive infor- 
mation security system is proposed. 

The material of the monograph is scientifically new and, in many respects, contains its own 
results of scientific research obtained by the authors and published in a number of scientific 
articles. The material is presented at a high scientific and, at the same time, accessible level, 
and is properly formatted. 
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ABSTRACT 


The main types of models used in modeling the behavior of intelligent agents are discussed. The mo- 
deling methodology for the antagonistic agents behavior is proposed. The methodology is based on 
joint use of models of different classes together with the consideration of various aspects of the 
behavior of agents in conditions of cyber conflict. This statement makes possible to obtain a syner- 
gistic effect of the proposed modeling methodology. The originality of the approach associated with 
the introduction into consideration of the concept of the business processes loop as an integral 
object to be protected. Joint consideration of the business processes loops of the organizational 
and technological system and the business processes loops of the cybersecurity system can be 
considered as the condition for the manifestation of the synergy of the processes under conside- 
ration. The proposed approach of the spatio-temporal structure of the model basis reflects not only 
the distribution of the set of models over the corresponding levels, but also sets the sequence of 
their interaction. This approach is based on classificatory of cyber-treats for cyber-physical system. 


KEYWORDS 


Antagonistic agents, cyber-physical system, synergistic effect, modeling methodology, business 
processes loop, spatio-temporal structure. 


As the world becomes more technological and dependent on computers to monitor vital func- 
tions or conduct business, the importance of ensuring the security of these systems is becoming 
critical in everyday life. 

The most volatile aspect of a cyberattack is the attackers themselves. Modeling only a network 
can show its weaknesses and potential attacks that can be implemented. But this does not provide 
any information about what attacks can be carried out by attackers, based on their point of view. 
Because each person is individual, the process by which an attacker will attack the network will be 
different for each attacker. Understanding differences between attackers and their behavior can be 
used to analyze the consequences of attacks, and then for early detection and prediction. 

By simulating cyberattacks, focusing on how a real cyber attacker will make decisions based 
on skills, rules, and knowledge, it is possible to synthesize data about an attacker's behavior that 
would otherwise be difficult to achieve. The combination of rule-based and knowledge-based attack 
generation provides reliable and diverse generations of attack trajectories, while providing realistic 
results because rules and knowledge are constantly coordinated with each other. This means that 
rules cannot be applied if knowledge is underdeveloped, and knowledge flexibility cannot be used 
if the rules are too limited. Applying this scheme to simulation allows a better understanding of 
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how many different types of attackers affect by analyzing the types of attacks performed and 
being able to learn what the attacker needed to know to perform attacks. Finally, you should turn 
to potential find users trying to protect their networks from attacks that intrusion testers didn't 
think of, or other tools that don’t have security tools. This provides a deeper understanding of 
how vulnerabilities are exploited and how they can affect the network before an attack can occur, 
and then something can be done about it. The cybersecurity industry is trying to meet today’s 
requirements by introducing new and more advanced security technologies and methods. Modern 
methods of studying cyber threats are usually performed using static analysis of network and 
system vulnerabilities. But only a few addresses the most volatile and most important part of the 
problem — the attackers themselves. The human factor underlying cybersecurity provides a better 
understanding of this issue and highlights the behavior of individuals as a key factor of greatest 
concern. The human element at the heart of cybersecurity is what makes cyberspace a com- 
plex, adaptive system. A comprehensive, interdisciplinary, comprehensive approach that combines 
technical and behavioral elements is needed to increase cybersecurity. Therefore, the creation of 
a scientifically sound methodology for modeling the processes of agent behavior in security sys- 
tems is an urgent scientific and applied problem of theoretical and practical significance. 


2.1 THE TRADITIONAL APPROACH TO MODELING THE BEHAVIOR OF AGENTS 
IN SECURITY SYSTEMS 


In recent years, research has been conducted on the dynamics and implementation of cyber- 
attacks to better analyze the impact of those attackers. Studies have been conducted on the 
use of network vulnerabilities to identify possible and realistic ways to attack [1-6]. Thus, [1] 
provides specific examples of large-scale cyber-attacks. The paper [2] analyzes the trend of using 
third-party service providers to gain access to victim organizations. A new paradigm of attack 
graph analysis, which complements the traditional graph-centric representation based on graphs 
adjacency matrices, is presented in [3]. The work [4] is devoted to the issue of forecasting poten- 
tial attacks on the basis of observed attacks. [5] gives an example of a Bayesian network based 
on the current model of the security graph. The variable-length Markov model, which captures 
the features of attack tracks, which allows predicting the probable subsequent actions in current 
attacks, is analyzed in [6]. It should be noted that the disadvantage of these works is that these 
methods take into account only vulnerabilities in the network, but do not reveal real differences 
between the types of attackers. In other works, this issue was considered by modeling the capa- 
bilities of opponents [7] or applying the methodology of game theory [8] to simulate the attacker 
and defender. None of these methods simulate an attacker based on the information that an 
attacker receives during an attack, although it plays an important role in making decisions about 
the attack. This concept is well implemented in agent modeling methods in the NeSSi2 (NeSSi — 
Network Security Simulator) [9] and in the attacker’s behavior model in multistage attack sce- 
nario simulation (MASS — multistage attack scenario simulation) [10]. However, agent modeling 
techniques do not provide a structure in which an attacker obtains specific details about targets 
and can dynamically change targets and strategies during an attack. This type of knowledge- 
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based design for attacker modeling makes it possible to flexibly describe cyber-attacks, which 
allows modeling the proactive and reactive behavior of participants in cyber conflict. 

In [10, 11], simulations were performed to analyze possible cyber-attacks that may occur in 
the network. The paper focuses on modeling the behavior of a cyber attacker so that it is possible 
to flexibly describe many different types of attackers, while maintaining reasonable realism in 
the types of attacks that can be performed. Modeling attacker's decision-making processes 
in terms of reflexive control is more like how an attacker actually thinks. This allows understanding 
the features that different attackers have in the same network, or how one attacker can affect 
different types of networks. This flexibility can help to ease the skills and to reduce the time to 
perform this type of analysis. The main goal is to develop a structure for modeling the attacker's 
decision-making process, based on both deterministic factors, such as network and knowledge, 
as well as probabilistic factors. This structure takes into account randomness in the simulation. 
Although the goal is not to be able to model each type of attacker's behavior comprehensively, but 
to determine what exactly needs to be modeled to describe the attacker. 

Cyber threat analytics is a relatively young industry and is diverse in the types of approaches 
used to perform predictive cyber-attack analysis. These approaches consist of vulnerability assess- 
ment and mitigation, analytical approaches such as the use of attack graphs and game theory, and 
mathematical modeling and simulation of cyber-attacks. Each approach has its advantage and dis- 
advantages, and one approach is not necessarily better than another because of the complexity of 
predicting, primarily human behavior. Currently, mathematical models such as attack graphs, attack 
ontologies or simulation, game theory models, or multi-agent models are used to analyze the enemy. 

The purpose of a network intrusion test is to identify potential vulnerabilities in a network 
accessible to a potential attacker. Knowing the vulnerabilities of the network, the tester/attacker 
can use them to further penetrate the network for more information. This intrusion tester will use 
this information to detect more vulnerabilities until the attackers have exhausted all their option s. 
To do this, a so-called attack graph is developed, which is a set of all possible ways that an at- 
tacker can follow in the network. This process has traditionally been performed manually by an 
attacker or a group of analysts and can be a grueling process. In [12], the process is formalized to 
automatically generate a comprehensive set of possible attack graphs for a given network. Attack 
graphs are generated using a description of the network and the attacker's knowledge of that net- 
work. followed by a description of a set of states that describe the actual attacks that may occur. 
In [12], a network of two hosts with an IDS (IDS — Intrusion detection system) and a firewall was 
modeled. The result was an attack graph of 5,948 nodes with 68,364 edges, which is extremely 
large for very few types of attacks and unrealistically small network. This method of analysis is not 
flexible, scalable or easy to use, which is necessary to successfully assess network weaknesses. 

Given the size of the network, it should be noted that the number of possible ways of at- 
tack can be extremely large. In [13], two methods were proposed to determine which attack 
graphs are the most critical and which are the most effective. Automatic attack graph generation 
requires modeling of all possible types of attacks. The paper [13] considered only 4 possible types 
of attacks. 

The use of attack graphs to generate IDS alert templates to help predict future and ongoing 
attacks is described in [14]. Using these attack graphs and knowledge of the area of cyber- 
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attacks, the probability of achieving attack goals to predict future attacks can be estimated. 
This method requires that each attack graph be converted to a network, and a cybersecurity 
expert analyze it to determine the likelihood of a successful cyber-attack. This approach has two 
problems: the first attacks that do not strictly follow the attack plan cannot be modeled, and the 
probability is based solely on the expert’s experience. [13, 14] define only the different ways that 
an attacker can follow, and not whether the attacker will actually implement this attack or not. 

In [15], the authors eliminated the uncertainty of attack variation, success and accuracy of 
sensory warning data by combining attack graphs with Bayesian networks. This has led to the 
creation of real vulnerability databases, such as the National Vulnerability Database (NVD) and 
the Common Vulnerability Scoring System (CVSS). Using real data from these databases provides 
a basis for calculating the probability without the need for expertise for each function. 

In [16, 17], the generation of a real-time attack graph is estimated to predict the probability 
of an attacker's next steps based on various security breaches. Based on security breaches, the 
basic level of attacker's skills can be determined, which can then be used with CVSS to determine 
the possibility of further steps based on the attacker's position in the network. A common prob- 
lem of the above works is the development of a base attack graph that describes the attacker's 
scenario and targets. Using common attack pattern enumeration and classification (CAPEC) from 
MITRE, attack graphs based on real scenarios are generated in [18, 19]. These scenarios are used 
to obtain more realistic predictions and other attack graphs. 

In [12-19], network security is analyzed on the basis of possible attacks that can be imple- 
mented in the network in one or more scenarios. In these cases, the scenarios are clearly defined, 
and different attackers may pursue the same goal, regardless of whether they are successful 
or not. Understanding the attacker's impact on a network is very important, because in fact 
not all vulnerabilities can be closed, and some can prioritize which vulnerabilities need to be ad- 
dressed over time. Suppose there is an exploit that can be performed by anyone and that can have 
a harmful effect on the network. In this case, it should have a higher priority than the exploit, 
which only 1 % attackers can perform on a non-critical machine. Publications [15-17] show the 
use of publicly available data from cyber-attack scenario s to create attack paths that were identi- 
fied as realistic but did not take into account the skills or behavior of the attacker. Modern cyber 
attack predicting methods have become more focused on the behavior and decision-making of the 
attacker during the attack. Publications in scientific periodicals can be divided into two categories. 
The first category includes publications focused on methods of modeling the behavior of interacting 
agents. The second includes publications, focused on the behavioral aspects of security agent s, 
and more specifically on decision-making processes. Attention to the use of game theory is due 
to the fact that this theory is the basis for agent modeling in conflict. Fig. 2.1 demonstrates the 
results of the analysis of modern approaches to agent behavior modeling, the main advantages of 
which are the following: 

— reflection of the purposefulness of agents’ behavior, as well as the agents’ ability to formu- 
late their goals in the model; 

— ability to simulate both the behavior of an individual agent and the interaction between 
different agents that make up the model; 

— learning ability of agents. 
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TRADITIONAL APPROACHES TO MODELING HUMAN 
BEHAVIOR 
AGENT-ORIENTED MODELING DISCUSSION NEURAL NETWORKS 


Contexts where there are people ||| Contexts in which it is impossible 
with a high level of interaction and to define some relationship 
heterogeneity between input and output 


Representation of the arising Artificial neural networks work 


phenomena, The natural better, there is no need for 
description of system is set. reprogramming 


Flexibility 








CRISP APPROACH 


Contexts where people have to 


choose between two alternatives 





A simple application 


The difficulty of modeli The nonlinear quality of artificial oF 
finan psychology when neural networks complicates the Ability to model only two 


trains on irrational examples application of this approach 


FUZZY LOGIC GENETIC ALGORITHMS BASED ON KNOWLEDGE 


Contexts in which people have to Contexts in which more than one Contexts are described by 
choose between more than two goal is pursued. Contexts in which a standardized procedure. 


alternatives 


alternatives artificial neural The context is quite limited 


Can be easily translated into 
computer languages. 
The knowledge base can be easily 


Fuzzy logic solves complex It is possible to use genetic 


algorithms to model multiobject 


problems. A simple application. 





Fuzzy algorithms are reliable problems changed and expanded 
= D learn f istakes, 
The diffculty of modeling human The decision of the genetic f feedback {rom the user and 
psychology when it trains on algorithm depends on fitness human service is not part of it’s 


irrational examples function constant development 








MARKOV CHAINS NEURO-FUZZY LOGIC 
Contexts where heterogeneous agents are Contexts in which fuzzy logic and 
present. Contexts where we have to model neural network are not enough to 
hidden aspects that we cannot observe describe the situation 
directly Highly scalable. Detection of human behavior in 
High reliability (95 %). The results of the analysis a complex scene. Radical reductions in data and 
of Markov models are ready for use for graphical software/hardware can be achieved 
presentation -_ | 
: : Limited approaches to fuzzy logic and artificial neural 
Unable to simulate interactions. Based on stochastic | | networks, Doubts in a quality of approach. Compatibility 
laws. Markov ee include the ability between fuzzy logic and artificial neural networks 





O Fig. 2.1 Traditional approaches to modeling human behavior 


In [18-20], the authors propose approaches to assess the quality-of-service base d on multi- 
factor analysis and the current state of information security of the organization. However, pos- 
sible preventive actions based on modeling and evaluating the capabilities of both the attacker and 
the defense side are not taken into account. 

Thus, the analysis of the possibilities of ensuring both the security of the business pro- 
cess contour and the tasks of modeling the behavior of antagonistic agents, showed the 
following. Along with a large number of works on the security of organization's business 
processes, the problem of creating a holistic modeling methodology remains unresolved. 
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The implementation of such a methodology in practice will contribute to the sustainable de- 
velopment of security systems of any level, based on modeling the behavioral characteristics 
of security system agents. 

The lack of an appropriate methodology today is due to the contradiction, which is defined as 
follows. Practice requires the theory to find new approaches to cybersecurity and information 
security of the business process contour in terms of increasing the number of threats while 
increasing their technological complexity. 


2.2 AGENT-BASED MODELS OF THE PARTIES TO THE CYBER CONFLICT. THE MAIN DIRECTIONS 
OF THE CLASSIFICATION OF METHODS OF AGENT-BASED MODELING 


When developing programs to simulate agent behavior, it is necessary to answer the question 
of how to model the decision-making processes of agents in the security system. 

In computational social science in general and in the field of agent-based social model- 
ing (ABSM), in particular, there is a constant discussion about the best way to simulate human 
decision-making. The reason for this is that most computational models of the decision-making 
process are quite simple [21]. As with any good scientific model, when modeling human behavior, 
the objects being modeled should be analyzed in terms of only those properties that are relevant 
to the given behavior scenario. 

Therefore, the question arises: «What is a good (computational) human (and decision-making) 
model for a particular research issue?» 

A large number of architectures and models have been developed for ABSM that attempt 
to represent the human decision-making process. Despite the common goal, each architecture 
has slightly different goals and, as a result, includes different assumptions and simplifications. 
Therefore, knowledge of these differences is important when choosing an agent's decision 
model in ABSM. 

To be able to discuss the suitability of different agent architectures for different types of 
ABSM, it is necessary to answer the questions of which types of ABSM exist and which ones are 
of interest to the ABSM community. 

One of the previous attempts to classify ABSM was made in [22]. The paper identifies 
five high-level aspects by which ABSM as a whole can be classified, including the extent to 
which ABSM attempts to include details of specific objectives The last of these measurements 
concerns agents (and decision making), comparing ABSM by the complexity of the agents they 
model. According to Gilbert, this complexity of agents can vary from «product system architec- 
tures» (i.e. agents that follow simple IF-THEN rules) to agents with complex cognitive archi- 
tectures such as SOAR (Security Orchestration, Automation and Response (symbolic cognitive 
architecture)) or ACT-R (Adaptive Control of Thought — Rational). Considering the suitability of 
different architectures for different research issues, [23] concludes that simpler agent models 
come in handy when the goal is to predict the behavior of the organization as a whole. Whereas 
accurate representations require complex and more cognitively accurate architectures to predict 
behavior at the level of individuals or small groups. 
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In [24], three categories of models are proposed: 

— physical models that assume that people respond mutually to current (and/or past) 
interactions; 

— economic models that assume that people respond to their future expectations and make 
decisions in a selfish way: 

— sociological models that assume that people respond to their own and others’ expecta- 
tions (as well as to their past experiences). 

In the classification [24], simple agent architectures, such as rule-based production 
systems, are best suited for physical models, and the complexity and capabilities of agents 
will need to increase in the transition to sociological models. In these sociological models, 
the emphasis on modeling social (human) interaction may require the agent to perceive the 
social network he or she is embedded in, or even the requirements for more complex so- 
cial concepts. 

Summing up, two main dimensions should be identified that are useful for distinguishing bet- 
ween agent architectures: 

— cognitive level of agents, i.e. they are purely reactive or inspired psychologically or neurolog- 
ically (to model person’s decision-making as accurately as possible); 

— social level of agents, i.e. the degree to which they are able to distinguish between 
social network relationships (and status), what levels of communication they are capable of, 
whether they have a theory of thinking or to what extent they are able to perceive complex 
social concepts. 

Another way to classify ABSM in terms of applications is given in [25]. Examples of applica- 
tion areas include: emergence and collective behavior, development, learning, norms, markets, 
institutional design and (social) networks. 

Other candidates for distinguishing agent architectures are: 

— agents’ ability to think about (social) norms, institutions and organizational structures; 
what impact norms, policies, institutions and organizational structures have on system perfor- 
mance at the macro level; and how to design regulatory structures that support the goals of the 
system developer (or other stakeholders); 

— agents ability to learn and, if so, at what level they can learn; for example, whether agents 
are able to learn only the best values of their decision-making functions and whether they can learn 
new decision-making rules. 

So, two more dimensions should be added: norm and learning. 

The last dimension proposed by researchers is the affective level that the agent is able 
to express. 

Most of the categories found are similar [25]. They also include emotions as an area 
of research. 

Summing up, five main dimensions can be identified to classify the operation of ABSM 
in general and, therefore, to determine the agent's architecture, which are shown in Fig. 2.2. 

Production rule systems are symbolic systems, which consist of a set of behavioral 
«lF-THEN rules» [26, 27], and are an information processing architecture based on pat- 
tern matching. The main components that make up production rule systems and determine 
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which actions are selected by the agent on the basis of input data (the so-called direct recog- 
nition cycle [28]) are shown in Fig. 2.3. 


MAIN DIMENSIONS OF AGENT SOCIAL MODELING 


What type of cognitive level does agent What degree of represantation of 
architecture allow: reactive agents, emotioms (if any) is possible in different 
advisory agents, simple cognitive agents, architectures’? 

or psychologically or neurologically inspired 

agents? 


CONSIDERATION Do agent architectures allow agents to 


OF THENORM distinguish between social network 
relationships (and status), what levels of 
To what extent do architectures allow the communication can be represented, and the 
modeling of agents who are able to reason extent to which architectures can be used to 


explicitly about formal and social norms, as represent complex social concepts such as 
well as about the emergence and spread of thinking theory or intentionality? 


the latter? 





What type of agent training is supported 
by the agency architecture? 





O Fig. 2.2 Main dimensions of ABSM classification 


Advantages: 

— simplicity in terms of understanding the relationship between rules and their results; 

— availability of convenient graphical tools for presenting decision-making processes (for 
example, decision trees). 

Disadvantages: 

— incomplete adequacy for modeling human behavior; 

— agents of production rule systems are generally incapable of affective behavior, under- 
Standing and responding to norms, considering social structures (including communication), or 
learning new rules or updating existing ones; 

— ability to model the agent’s behavior only due to the great complexity and use of many rules; 

— increase the likelihood of conflicts between the rules as their number increases; 

— long computing time under a large number of decision-making rules. 

The Belief-Desire-Intention (BDI) and emotional BDI (eBDI) models are one of the most popu- 
lar models for agent decision-making in the agent environment. The model is especially popular for 
building reasoning systems for complex problems in dynamic environments [29]. 

In contrast to the production rule system, the basic idea of BDI (Belief-Desire-Inten- 
tion) is that agents’ mental state is the basis for their reasoning. As the name implies, the 
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BDI model is centered around three mental attitudes, namely beliefs, desires, and especially 


intentions [30, 31]. 


Table 2.1 shows the advantages and disadvantages of the BDI model depending on the pur- 


pose (modeling) [32-35]. 


BASIC ABSM MODELS 


Systems of production rules 


Set of rules 
Ci Aj 


Knowledge 


databases : 
Rule interpreter 
Direct Recognition 
architecture 


Cognitive models 


Represent the behavior 
of decision makers 









Hybrid approaches that take into account 
heuristics, as well as rules of reasoning and 
reactive products, may be more appropriate 


Cognitive level 


The approach focuses on the representation of the 
human brain in order to analyze the social dynamics 
and models of the global level arising from the 
interactions of agents at the local level 


Social level 


Intention — commitment to certain 
courses of action to achieve 
a specific goal 


Procedural Thinking 
architecture (PRS) 
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They act by changing 
the set of their beliefs and 
establishing the desire 
to achieve a certain state 
of affairs 


Intentional regulatory 
agents 


level of interaction 
management 


level of service 


level of process 
management 


The architecture of an 
intentional regulatory agent 


The approach is based on emotional architecture, 
i. e. when it comes to the level of compliance, 
information about the architecture of agents 

can be used 


Affective level 


An approach that includes two types of norms: social 
norms and legal norms, and policy 


Regulatory level 


An approach from simply updating the values of 
variables in the rules, to the study of strategies for 
successful decision-making 
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O Fig. 2.3 Shows the basic ABSM architectures, relevant models 


and application levels 
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@ Table 2.1 Advantages and disadvantages of the BDI model depending on the purpose 


Purpose of modeling 


Forecasting 


Task execution 


Training 


Using game theory 


Education 


Evidence 


Revelation 


Importance of BDI Advantages 


Average 


High 


High 


Average 


Average 


Low 


Low 


Realism, adaptable to behavior at 
the micro level, possibly irrational 
individual cognition 


Correct level of human behavior 

abstraction Awareness, coopera- 
tion in mixed human-agent teams 
Modular, scalable, flexible design 


Accurate realistic behavior for 
better immersion in the game. 
Adaptability to a dynamic environ- 
ment. Descriptiveness 


Plausible human behavior: immer- 
sion, challenge Quick solution in 
case of uncertainty and incomplete 
information Correct level of 
abstraction to display real player 
strategies 


Intuitive explanation of behavior 
using built-in concepts of psycho- 
logy (B, D, 1) 


Realistic knowledge needed to 
prove micro-, macro-connections 
and complex socio-cognitive 
phenomena 


Realistic detailed behavior model 
for detecting unintuitive effects 
and micro-, macroconnections in 
adaptive dynamic complex systems 


Disadvantages 


Complexity, scalability 
Detailed data is required 


More complex design, 
unusual paradigm 


More complex design, 
unusual paradigm 


Scalability, performance 
More complex design 
compared to scenarios 


Unnecessary realism 
and complexity for 
non-essential agents 


Realism and complexity 
are not needed to prove 
a simpler hypothesis 


More complex under- 
standing and deduction 
More complex specifica- 
tion of decision rules 


Normative models [36]. In BDI, agents act by changing a set of beliefs and establishing 
a desire to achieve a certain state of affairs (for which agents then choose specific intentions 
in the form of plans they want to carry out). Agents’ behavior is driven solely by their intrinsic 
motivators, such as beliefs and desires. The advantage of normative models was the use of an ad- 
ditional element that influenced the agent's reasoning. Unlike beliefs and desires, this element was 
external to the agent, and it took into account the behavioral norms established in the environ- 
ment in which the agent was. Therefore, such elements were considered as external motivators, 
and agents in the system were called agents regulated by the relevant norms. 

Intentional normative agents focus on the idea that social norms should be involved in the 
agent’s decision-making process [37]. That is, autonomous agents should be able to reason, 
communicate, and negotiate norms, including deciding whether to violate social norms if they are 


unfavorable to commercial agents. 
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The advantages of this model are: 

— ability to represent social norms not just as constraints and external fixed rules in the 
agent architecture [38], but also as mental objects. These objects have their own mental 
representation and interact with other mental objects (i.e. beliefs and desires) and the 
agent’s plans [39]; 

— allocation of separate levels of the agent architecture. The first level is the interaction 
management level, which controls the agent's interaction with other agents (through communica- 
tion), as well as the overall environment. The second level is the information service level, which 
stores the agent's information about the environment (information about the world), about other 
agents and about the agent society as a whole. The third level includes the process management 
level, where information is processed and decisions are justified. This allows, on the one hand, 
considering the relevant processes as relatively independent, and on the other — as different 
manifestations of one general process of agent behavior; 

— ability to display semantic differences between different types of information (three levels 
of information: one object level and two metalevels). The object level includes information that the 
agent believes in. The first metalevel contains information on how to process input information 
based on its context. Meta-information determines how an agent's internal processes can be 
changed and under what circumstances. 

The disadvantages are as follows: 

— emergence of an additional level of complexity due to the fact that the norms learned by the 
agent can affect both the generation and the choice of intentions. 

Cognitive models [40] and social modeling models, although they often pursue the same goal 
(represent the behavior of decision-makers), tend to have a different idea of what is a good model 
for human decision-making. 

As a disadvantage, it is noted that social modeling researchers often focus only on agent 
models specially adapted to the task, which limits the realism and applicability of social modeling. 

The advantages of this class of models are clearly manifested in the form of the results of 
cognitive processes, namely the construction of so-called cognitive maps: 

— clarity of factors influencing the decision-making process; 

— clarity of connections between factors (not only qualitative, but also quantitative) ; 

— ability to conduct so-called cognitive modeling, changing the weight of a factor that affects 
the final decision. 

Psychological and neurological models are often referred to as cognitive architectures. How- 
ever, because they have a different focus than the «cognitive architectures» that were mentioned, 
they are allocated to a separate group. The mam difference and advantage is that their architec- 
tures take into account the expected structural properties of the human brain. 

Model human processor (MHP) [41, 42] is based on the synthesis of cognitive science and 
human-computer interaction. The advantage of the Model Human Processor is that if includes 
detailed specifications of the duration of actions and cognitive processing and breaks down com- 
plex actions into detailed small steps that can be analyzed. This allows system developers to 
predict the time it takes for a person to complete a task, avoiding the need to experiment with 
the people involved. 
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The advantages of the CLARION [43] architecture are as follows: 

— use of hybrid neural networks for modeling problems in cognitive and social psychology, as 
well as for implementing intelligent artificial intelligence systems. This makes it relatively easy to 
implement architectures of this class on any artificial neural network platforms: 

— presence of a built-in motivational structure and meta- cognitive structures: 

— presence of two dichotomies: explicit and implicit representation, focused on action rather 
than representation; 

— combining training from top to bottom and from bottom to top; 

— inclusion of a number of functional subsystems that significantly expand both the scope 
of the architecture and the set of processes to be modeled. The main of these subsystems are 
as follows. The action-oriented subsystem that controls all actions. The action base subsystem 
supports knowledge, both explicit and implicit. The motivational subsystem provides the main mo- 
tivation for perception, action and cognition. The metacognitive subsystem dynamically monitors 
and manages the operations of all subsystems. 

Thus, the CLARION architecture combines reactive procedures, general rules, training and 
decision-making to develop universal agents that learn under specific conditions and summarize 
the knowledge gained in different environments. 

SOAR [44] is a symbolic cognitive architecture that implements decision-making as purposeful 
behavior, which includes searching in the problem space and studying the results. 

The advantages of this architecture: 

— consideration of decision-making processes as a combination of search in the problem 
Space, and study of the obtained results (i.e. feedback systems); 

— combination of results of studying human behavior (descriptive models) and results of arti- 
ficial intelligence (prescriptive models): 

— use of two memory types in the system architecture: symbolic long-term memory (pro- 
duction rules), and short-term (working) memory (graph structure to allow the representation of 
objects with properties and relationships): 

— ability to apply the rules in parallel, extracting several pieces of knowledge simultaneously; 

— availability of additional context-sensitive knowledge for the decision-making process: 

— distribution of operators according to several rules, which allows flexible presentation of 
knowledge about operators, as well as constant updating of knowledge structures for operators, 
allowing to redefine operators if required by circumstances. 

These models can be used at different levels of application, as shown in Fig. 2.3. 


2.3 GAME-THEORETIC MODELS OF CONFLICT SITUATIONS 


Networks have become a traditional tool in people's lives, users are very dependent on net- 
works to provide comfortable communication and convenient access to information. Modern in- 
formation and communication technologies are developing rapidly, not only in terms of complexity, 
but also in terms of their diversity. The growing complexity, ubiquity and connectivity of modern 
information systems pose new challenges in the field of security, and cyberspace has become 
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a platform for people with different levels of skills and all kinds of intentions (both positive and 
negative). Thanks to round-the-clock communication, which has become an integral part of peo- 
ple’s daily lives, the protection of information, personal data and assets has become even more 
important than ever. Traditional security has come a long way towards protecting clearly defined 
goals, such as confidentiality, integrity, accessibility and authenticity (CIA*). 

Along with the expansion of the scope of services provided by network services, the prob- 
lems associated with the safe use of network services are growing. Network security is becoming 
a complex topic, as many new network attacks, which are becoming hybrid, are becoming more 
sophisticated and lead to huge losses of network resources. A crime area such as cybercrime has 
formed, which requires the closest attention due to the prevalence of the computer as a tool in 
various areas of human activity. Like other forms of crime, the causes of cybercrime are difficult to 
determine, however, as a rule, this is due to some factors, which include high financial gain, personal 
emotions and even revenge, as well as ethical, ideological, moral and environmental problems. 

Most cybersecurity studies focus on either presenting a specific vulnerability or proposing 
a specific defense algorithm against a well-defined attack pattern. Although such cybersecurity 
research is important, attention should be paid to the dynamic interaction between attackers and 
defenders, where both sides are intelligent and can dynamically change their attack or defense 
strategies to defeat their opponents. This phenomenon of «cyber warfare’s exists in most cases 
of cybersecurity in the real world» [45]. 

It is necessary to emphasize the following. On the one hand, the weakness of traditional solu- 
tions for network security lies in their lack of a system of quantitative solutions [46]. 

On the other hand, security assessment [47] is an important aspect of network security; this 
is an assessment of confidentiality, integrity, availability, vulnerability and security risks. Network 
security Measurement is a large category that includes the measurement of every aspect of 
network security. Risk assessment [48] is one such measure. Network security measurements 
include interactions between attackers and defenders, and their interactions can influence the 
measurement result. One of the metrics in assessing the risk for a network system is the proba- 
bility of its attack. It is necessary to predict the actions of both defenders and attackers. 

To solve the problems of network security, solutions based on game theory are quite of- 
ten proposed, since the interaction process between attackers and defenders is considered as 
a game. In this case, game theory can be used in every possible scenario to predict the actions of 
attackers, and then to determine the decisions of defenders. 

Game theory-based approaches outperform traditional cybersecurity and network privacy 
solutions in many ways, including the following: 

— mathematical validity and provability. Most of the traditional security solutions that are 
implemented either in prevention devices (for example, firewalls) or in the means of rapid response 
to threats (for example, antivirus programs) rely only on heuristics. Nevertheless, game theory 
can investigate security solutions with mathematically grounded methods, the correctness and 
effectiveness of which can be justified mathematically; 

— reliable protection. Based on the analytical results of applying game theory methods, reliable 
mechanisms can be developed to protect cyber systems from selfish behavior (insider or external 
attacks) by malicious users/nodes; 
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— timely response. Although the adoption of a traditional security decision is rather slow 
due to the lack of incentives for participants, game-theoretic approaches defend the interests 
of defenders using basic incentive mechanisms in the context of allocating limited resources to 
balance perceived risks; 

— distributed solutions. Most traditional defense mechanisms make decisions centrally, rather 
than individually (or distributed). In network security games, a centralized approach is almost 
impossible because of the lack of a coordinator in an autonomous system. Using appropriate game 
theory models, security solutions will be implemented in a distributed manner. 

These reasons favor the use of the game theory paradigm for modeling and analyzing the 
behavior of security systems antagonistic agents. 

Game-theoretic analysis focuses on identifying the likely behavior of players with respect to 
the choice of strategy, thus determining the intended outcome of the game. It was noted in [49] 
that models based on game theory demonstrate advantages in productivity and cost compared 
to other risk management models associated with cybercrime. However, this does not take into 
account that in game theory, players are rarely completely rational and do not have complete 
information about each other's wins and strategies. The reason for this is either the fundamental 
impossibility of obtaining complete information, or the significant cost of obtaining it. In addition, 
limited rationality is an inherent characteristic of an agent (in contrast to the ideal player in 
theory). And besides, game theory has always imposed restrictions, which are the only way to 
correctly formulate the problem, and it is based on the assumption that the parties are rational, 
there are few of them and each player knows the goals of his opponent [50, 51]. 

One way to overcome the discrepancy in the rationality of the abstract player and the real 
agent of cyber conflict is defense games. Defense games study the interaction between attackers 
and defenders, which serve as the basis for making formal decisions and developing algorithms, 
as well as for predicting the behavior of attackers. The applicability of game theory in this case 
is due to the fact that it is a mathematical toolbox independent of the field of application, which 
can be used in any situation of interactive decision-making [52], for example, in computer and 
communication networks for modeling various problems. This approach includes work on modeling 
service disciplines [53], for TCP performance [54], and for modeling power control in a wireless 
communication system [55]. [56] described the application of game theory to develop protection 
against «denial of services» (DoS) attacks. In the field of MANET [57], cooperative and non- 
cooperative game-theoretic constructions were used to develop based on the reputation of the 
collaboration architecture. 

The approach to the application of game theory related to the modeling of intrusion detection 
processes in computer systems should be noted. The authors of [58] used a game-theoretic 
structure to model intrusion detection using sampling in communication networks, and also deve- 
loped sampling schemes that are optimal [59]. 

In general, the game-theoretic approach works with at least two players. The success of 
a player in choosing depends on the choice of others. In game theory, players clash with each other 
in turn to maximize their winnings in an attempt to achieve their ultimate goal [60]. In the area of 
cybersecurity, game theory has been used to determine the nature of cyber conflict. The attacker's 
decision-making strategies are closely related to the defender’s strategies and vice versa. 
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Cybersecurity is then modeled by at least two intelligent agents interacting in an attempt to 
maximize their intended goals. It should be noted that this work limits the number of players 
to 2, suggesting the alternation of each other's moves. In real situations of cyber confrontation, 
this can significantly narrow the scope of game-theoretic methods. 

Going beyond the limitations inherent in this work can be considered in the works [61, 62]. 
It was noted in the works that the various methods available in game theory can be used for tactical 
analysis of cyber threat options created by both one attacker and an organized group. A key con- 
cept in game theory is the ability to explore the vast number of possible threat scenarios in a cyber 
system. Game theory can also provide methods for proposing several possible actions along with 
a predicted outcome for controlling future threats. Computers can analyze all combinations and per- 
mutations to find exceptions in general rules, unlike people who tend to overlook some possibilities. 
This approach allows to identify what, if scenarios that the human analyst may have overlooked. 

In [63, 64], the interaction between the attacker and the network administrator is presented as 
a game, the modeling of which allows one to determine many strategies that lead to Nash equilibrium. 

In [65], a methodology was presented for modeling the interaction between an attacking 
DDoS and a network administrator. This approach has shown that the ability to model and identify 
the intentions, objectives, and strategies of an attacker (AIOS) is important because it can lead 
to effective risk assessment and prediction of harm. In this paper, a stimulus-based game model 
for outputting AIOS was discussed. Several bandwidth parameters were used as a metric to 
measure the effects of attack and countermeasures, which, in turn, measures the attacker's 
and defender’s stimulus. It was also noted in the work that the best game model to be selected 
depends on the degree of accuracy of the intrusion detection systems (IDS) used and the degree 
of correlation between the stages of the attack. The topology considered in the simulation expe- 
riment consists of 64 source hosts connected to one victim machine through 4 levels of routers. 
Each router is able to use a reflection mechanism as part of a security strategy. 

In the model presented in [64], an attacker and a network administrator participate in 
a two-person stochastic zero-sum game. In this work, it was assumed that the network consists 
of a set of interdependent nodes whose security assets and vulnerabilities are interrelated. The 
concept of linear influence networks was used in the work and the interdependence between 
nodes was modeled using two weighted oriented graphs, one of which denoted the relationship of 
security assets, and the other denoted a correlation of vulnerability between nodes. The nume- 
rical example presented in the paper describes a small network of three nodes and explains the 
method of calculating the optimal strategies of players. However, there are no mechanisms for 
implementing the strategies found. 

In [65], an extension of traditional approaches to the use of game theory is proposed. It 
addresses the issue of network security as a sequence of non-zero sum games played by an at- 
tacker and defender. This game model, called «fictitious game (FG)», assumes that players cannot 
accurately observe each other's previous actions. In this paper, we studied the influence of error 
probabilities associated with a sensory system on Nash equilibrium strategies for players, taking 
into account two scenarios: 

— each player knows about these error probabilities: 

— none of the players know these error probabilities. 
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Both classic and stochastic FP games are investigated using simulation. 

A promising approach related to the introduction of dynamics and taking into account the time 
characteristics of the game is presented in [66]. The paper presents a game-theoretic model of 
developing a response to an attack on an Internet worm. The basic idea is that defenders can 
choose how to organize resistance and minimize the speed of the worm. An attacker can choose 
the optimal distribution of the scan group to maximize the speed of infection. Thus, the game will be 
played between the attacker and the defender. The attacker must choose the maximum speed of the 
worm, while the defender wants to minimize it. If we formulate the problem in this way, then it will 
be a game with a zero sum and a minimax problem. The optimal solution to this problem is when the 
defender must deploy the application evenly across the entire IP address space or in every corporate 
network, so the best strategy that the attacker uses is equivalent to the random scanning strategy. 
This work demonstrates the application of game theory for designing the locations of vulnerable and 
valuable hosts on the network, which should be considered a promising area of research. 

Another example of the application of game theory, which takes into account the dynamic 
characteristics of the game, is [67]. It presents a model for assessing the likelihood of successful 
attacks on a network of interdependent files and services. This paper presents a logical model 
that takes into account the time required to attack, crash, or repair network systems. To demon- 
strate the use of the game theory model, the paper gives time and topology constraints to deter- 
mine if an attack or defense will succeed. The presented example describes the configuration of 
a high-performance web server with interdependent elements and considers the strategic actions 
of both the attacker and the defender. 

The economic aspects of game theory in relation to security are well presented in scientific pub- 
lications, given the fact that game theory was initially oriented toward economics. In [68], the prob- 
lem of information security in a mobile electronic commerce network is analyzed. It is argued that the 
application of game theory in the field of information security is based on the hypothesis of perfect 
player rationality, while in reality the bulk of information security is determined by limited rationality, 
which is an assumption of the evolutionary game theory. The penalty parameter is introduced into the 
task as a parameter, which is assigned if the organization in the mobile electronic commerce network 
does not invest in information security. The results of modeling the dynamics of this game made 
it possible to obtain the return-on-investment results. This can be seen as an application of evolu- 
tionary game theory to an investment strategy in network security for maximum return. It should be 
noted that evolutionary games are not sufficiently used in modeling cybersecurity problems. 

In [69] game theory is presented in the unusual context of analyzing a proposal for an advo- 
cate organization to invest in information security. The work is focused more on information secu- 
rity management than on information security technologies. The paper formulates the problem of 
two organizations investing in security, with parameters such as investment, security and disaster 
risk. Based on the payout matrix, a penalty parameter has been introduced related to the refusal 
to invest, which ensures the rationality of investment. In conclusion, an argument is put forward 
in favor of encouraging organizations to invest in information security. 

A taxonomy of the application of game theory in cybersecurity, consisting of four dimensions, 
which provide a holistic classification covering network and computer attacks, help to improve 
computer and network security, and language consistency with the description of the attack, 
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was proposed in [70]. The first dimension is the attack vector, which is used to classify an attack 
into an attack class. The second dimension allows to classify attacks by specific targets (for 
example, OS: Linux: RedHat6.0). The third dimension consists of vulnerability classification and 
attack usage (for example, CVE/CERT). The fourth and final dimension highlight potential payloads 
or related effects (such as file deletion). Each dimension provides different levels of information to 
successfully classify and provide attack details. 

A review of publications on the application of game theory in cybersecurity demonstrated the 
following. Almost all publications are devoted to the development of specific models for solving spe- 
cific problems, emphasizing the advantages of game theory for solving problems of this class. The 
scope of the game theory methodology is extensive, given the fact that the classical game theory 
is independent of the subject area of research and applications. Not all studies analyze the appli- 
cability of the game-theoretic modeling methodology. Under these conditions, two fundamental 
issues are practically not addressed. The first is related to the formulation of the limitations of the 
game theory methodology for solving cybersecurity problems, which has its own characteristics 
and can set requirements for the proposed approaches and methods. The second question logically 
follows from the first. In the case of improper use or fundamentally impossibility to use the meth- 
odology of game theory, which methodology should be applied taking into account the features of 
the tasks being solved. In other words, an approach should be proposed to evaluate and select the 
most appropriate methodology for modeling the behavior of security systems antagonistic agents. 
The questions formulated determined the relevance of this study. 

We introduce the basic definitions of the basic concepts used in security tasks based on game 
theory (Table 2.2). 

Based on the introduced definitions, we consider the mathematical foundations of conflict 
modeling and cooperation based on game theory. Suppose that the players are rational in their 
behavior, which implies their motivation in order to optimize the receipt of benefits based on the 
utility function. 

The game follows certain rules according to which players can choose and implement a strate- 
gy from a set of different behavioral options in order to optimize the possible outcome of the game. 

Formally, the game is described with n players with strategic spaces 5, and their payoff func- 
tions U: respectively for each player / (1</<n): 


G = {1 §,,854...,5,; Uj Upson, }. (2.1) 


The main features of game-theoretic approaches to modeling the behavior of cybersecurity 
systems agents are: 

— restriction of strategies when releasing games; 

— simultaneous moves of players in the behavior patterns of security agents: 

— players’ time uncertainty: 

— the uncertainty in the final goal of the enemy; 

— unpredictability of further player moves; 

— lack of players’ assessment of enemy resources, as well as its ultimate goals; 

— impossibility of timely assessment of the current state of the game. 
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@ Table 2.2 Basic definitions of the game theory concepts 


No. Term 

1 Game 

2 Player 

3. Action 

4 Payment 
9  ~—Otrategy 


6 Game with full 
information 


7 Bayesian 
game 


8 — Static/Strate- 
gic Game 


9 Dynamic game 


10 Stochastic 
game 


Definition 


A simplified formalized model of a real conflict situation of confronting the antagonis- 
tic parties of cyber conflict (defense and attack parties) with opposing interests that 
each side tries to satisfy using one or another strategy of actions, and in which it 

is impossible to come to an agreement satisfying both parties regarding the system 
administrator information resource 


The main character in the game who makes choices and takes action. A player may be 
represented by a person, ma- chine, or group of people in a game. In security systems, 
the players are the parties to the attack (attacker) and defense (system administrator) 


An action is a move in a given game 


Positive or negative reward for the player for this action in the game. For the 
system administrator, this may be the cost of the purchase and installation of pro- 
tective equipment and programs against each of the threats that must be minimized. 
For an attacker, this could be a reward for damaging the adversary 


The action plan (behavior scenario) in the game, which the player can implement 
during the game. So, for the defense side, the strategy may be «Wait and See», 
and for the side of the attack, «the weakest link» 


A game in which each player knows the moves of all other players that are already 
made. A game in which the player does not know the opponent's moves is called 

a game with incomplete information. Cyber conflict as a game is fundamentally 

a game with incomplete information 


A game in which information about strategies and payouts for other players is 
incomplete, and the player assigns a «type» to other players at the beginning of the 
game. Such games are called Bayesian games because of the use of Bayesian analy- 
sis in predicting the result, which may be characteristic of modeling the reflective 
behavior of one side or another in cyber conflict 


A one-step game in which each player chooses his own action plan and decisions of 
all players are made simultaneously. This means that when choosing an action plan, 
one side of the conflict (defense or attack side) does not obtain any information 
about the action plan of the opposite side 


A game with more than one stage, at each of which players can review their actions. 
This can be seen as a consistent structure of the decision-making problems faced by 
players in a static game. Game sequences can be either finite or infinite. Dynamic games 
are a good reflection of the behavior of players in the implementation of the attack tree 


A game that includes probabilistic transitions through several states of the system. 
The game starts from the initial state; players select actions and receive a reward, 
which depends on the current state of the game, and then the game goes into a new 
state with probability based on the actions of the players and the current state. 

It can be used in the parties’ assessment of the opposition of the probabilities of 

a multi-step attack and methods of counteracting it 


The game is presented in a strategic/expanded form that describes the actions of the players. 
The strategic form of the game is formalized as follows: 


Game =(P,(S,)._,.(u;) 5} (2.2) 
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There are many players P in the game. The player / can choose the strategy from 5;, and 
U; — this is the player's / gain/utility. The combination of the player's selected strategies is the 
strategy profile, and the mixed strategy is generated from a set of pure strategies. Win function 
U; represents the relationship between the input space of all possible profiles and the output space 
of real numbers A. 

Game-theoretic analysis focuses on identifying the likely behavior of players with respect to 
the choice of strategy, thus determining the intended outcome of the game. This point of view on 
the methods of game theory determines the spectrum of directions for their application in the 
field of cybersecurity. 

Various types of games are used to study the actions of the defender and the attacker and to 
simulate the interaction between them. Table 2.3 presents game-theoretic models, security/pri- 
vacy issues, and key solutions derived from the respective models. 


@ Table 2.3 Set of game-theoretic approaches 
Game model Security problems Solution 


Static Prisoners Selfish behavior of agents on the network [28, 29], privacy = Nash Equilibrium 
Dilemma Game — on mobile social networks [30] 


Zero-sum static | Jamming and listening [31], denial of service attacks [32], Nash Equilibrium 
game trojans [33] 


Stackelberg game Cyberphysical security [36], data integrity and availability [87] Stackelberg equilibrium 


Coalition game Selfishness in packet forwarding [36], listening [37] Coalition Formation 
Algorithm 

Zero-sum sto- Cyberphysical Security [38], Secure Routing [39], Equilibrium (saddle 

chastic game Steganography [40] point), Nash equilibrium 

Bayesian game Privacy trajectory [40], denial of service attack [41], Bayes Nash equilibrium 

survivability [42] 

Dynamic game Secure Routing [43], Cyberphysical Security [38] Saddle point 
(equilibrium) 

Recurring game _ Selfishness in packet forwarding [43] Belief Based Strategy 

Markov game Intrusion Detection System (IDS) configuration [44], Markov equilibrium 


Smart-grid infrastructure protection [45], trust issue in an 
online social network [39] 


Evolution game Selfishness in special networks [46], trust in autonomous Evolutionarily Sustain- 
multi-user networks [47] able Strategy (ESS) 


In game theory, players are rarely completely rational and do not have complete information 
about each other's wins and strategies. Therefore, modeling the decision-making process using 
several equations and parameters is doubtful. There is also the difficulty of quantifying value added 
through cybersecurity. Lack of quantification affects the decision-making process regarding secu- 
rity investments. Consequently, the attitude towards security varies depending on the economic 
situation. This shows that the quantitative assessment of security-related concepts, such as 
trust, confidentiality and risk, in game-theoretic models is not an inherent property and requires 
additional development. Game theory also imposes restrictions, which are the only way to correctly 
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formulate the problem, and it is based on the assumption that the parties are rational and few in 
number, and that each player knows the goals of his opponent. 

The problems of game theory in terms of cybersecurity risk management are further exacerbated 
by the following aspects. The difficulty of defining an equilibrium strategy and the difficulty of quan- 
tifying security parameters (such as risk, confidentiality, and trust), choosing the appropriate game 
model for a given security problem, and reaching consensus on how to interpret a mixed strategy. 

The interaction between attackers and defenders is the basis for making formal decisions and 
developing algorithms, as well as for predicting the behavior of attackers. The applicability of game 
theory in this case is due to the fact that it is a mathematical toolbox independent of the field of 
application, which can be used in any situation of interactive decision-making. 

Based on the analysis, the main models of game theory are presented that provide the possi- 
bility of their application to provide basic security services. 

To model the interaction in the network, several game-theoretic approaches are used, such 
as approaches with perfect and imperfect monitoring. In a game with imperfect monitoring, player 
actions may not be directly observed due to noise. On the other hand, a game is considered as 
a game with perfect monitoring if all players know a series of past actions and the actions of other 
players can be observed without interference. A static game is classified as a game with imperfect 
information, because each participant chooses only his own strategy. 

Table 2.4 shows the main factors of the game for exchanging message packets in the network. 

Thus, to provide basic security services based on the analysis of Table 2.4 in game-theoretic 
models of cybersecurity systems, it is necessary to remove the limitations of the classical repre- 
sentation of game theory models: 

— defender is always able to detect attacks: 

— state transition probabilities are fixed before the start of the game, and these probabilities 
can be calculated from domain knowledge and past statistics; 

— player actions are synchronous, which is not always realistic: 

— most models are not scalable due to the size and complexity of the system in question. 


@ Table 2.4 Game theory methods for providing security services 
Game model Application area Simulation result Security services 


Zero-sum sto- Integration of a robust physical The iteration algorithm of the Integrity, Confidentiality, 
chastic game __ space controller value to obtain equilibrium Availability 
(saddle point) 


Static games — Physical and cyberspace inte- Nash equilibrium and Stackel- Integrity, Confidentiality 
grated using payoff function berg equilibrium 


Dynamic games Discrete time LTI jamming Equilibrium (saddle point of — Integrity, Confidentiality, 
problem the payment matrix) Authenticity 

Markov games Players select actions that Nash equilibrium (also a Confidentiality, Integrity, 

with zero sum __can trigger Smart Grid system Pareto optimal solution) Accessibility, Authenticity, 
state transitions Involvement 


Markov game _— Determination of the optimal — ‘The iteration algorithm of the Confidentiality, Integrity 
response of the defender value to obtain the equilibrium 
in a cyber-physical environment (saddle) point 
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This approach significantly affects the use of game-theoretic models and the formation of 
the basic principles of modeling cybersecurity systems to obtain a synergistic effect from the 
defender. The analysis of the use of game-theoretic modeling of the behavior of agents of security 
systems, the principles of building models and their limitations makes it possible to increase the 
security level of cyber systems based on the existing restrictions and analysis results (Table 2.4). 
Fig. 2.4 shows a synergistic approach to the use of game-theoretic modelling taking into account 
the particular behavior of security system agents. 
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Features of game Game models game theoretic security tasks and 
models restrictions models services 


O Fig. 2.4 Synergetic approach of game-theoretic modeling 


Analysis of Fig. 2.4 defines goals, objectives, and areas of application of game-theoretic mo- 
deling of the security system agent's behavior. These goals are determined by the tasks and areas 
of application of the considered methods (the last column of Fig. 2.4). The application of game 
theory methods allows you the selection of appropriate attack and defense strategies based on 
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typical threats of the KDD99 technique [71], In general, the solution of these tasks provides the 
required level of security. 

Game-theoretic models allow you to create many relevant tasks to provide basic security ser- 
vices: confidentiality, integrity, accessibility, authenticity. Thus, the same model can provide the 
solution to several security tasks, and vice versa, the same problem can be solved using different 
models. Because of this, in practice, it is necessary to determine the necessary subset of game 
models that support the solution of the entire set of security tasks, or a selected subset of them. 

The choice of appropriate models will be determined by the restriction’s characteristic to 
certain game models. The main limitations of the classical models of game theory follow from basic 
assumptions, namely the assumption of definiteness of the ultimate goal of the game, the syno- 
nymy of the concepts of «solving the game» and «balance», the awareness of the players about 
the opponent's resources, the ability of the players to construct a payment matrix, as well as the 
assumption of a clearly fixed sequence of players’ steps that are not dependent on time. The sets 
of game models presented in Fig. 2.4 are characterized by the reflection of certain restrictions in 
the model, which dictates their choice for solving security problems. 

These restrictions follow from the features of game models that describe the behavior of 
players, namely, the ability of a player to detect attacks, a predetermined sequence of moves for 
each of the players, the probability of behavior change for games with mixed strategies, the lack 
of scalability of the model in size and the complexity of the task for certain game-theoretic models. 

This approach significantly affects the use of game-theoretic models and the formation 
of the basic principles of modeling cybersecurity systems to obtain a synergistic effect from 
the defender. 

Analysis of Fig. 2.4 allows to conclude that the advantages of using game theory in the field 
of cybersecurity cannot always be realized due to differences between the real field of cyberse- 
curity and traditional game domains. A significant obstacle to the use of game-theoretic modeling 
of the processes of behavior of antagonistic agents of security systems is the set of limitations 
organically inherent in game theory. 

Thus, in real conditions, there are many characteristics that contradict the simple implemen- 
tation of standard search methods. 

Game theory allows to determine the optimal strategy, but does not give any recommen- 
dations regarding the implementation of this strategy. The list of standard terms used in game 
theory does not include the term «behavior». In other words, game theory works more at the 
strategic level, not dropping to the operational level. Due to this, it does not take into account the 
peculiarities of behavior and the real characteristics of the players. Therefore, to model the be- 
havior, reflect the reflective characteristics of the players and deviate from the principle of ratio- 
nality in making decisions, different approaches from game theory should be used. Game theory 
models can be used to solve particular problems of behavior modeling without claiming the status 
of the main modeling methods. This situation confirms the thesis that the breadth of the problem 
is achieved, most likely, by increasing the level of abstraction and moving away from taking into 
account the characteristics of real players, their behavior, goals and methods of achieving them. 

The revealed limitations inherent in the game-theoretic methodology for modeling the behavior 
of agents of security systems emphasize the fact that this methodology is not universal, although 
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it has a wide scope. The consequence of this is the need to compare the specified methodology 
with other methodologies used for the indicated purposes. 

The choice of a particular methodology should be based on a comparison of the most common 
modeling methodologies. 

Thus, it is proposed to conduct a comparison according to the following criteria: 

— the time and effort required to apply the methodology of modeling and designing the current 
model with the participation of future users; 

— user requirements. The amount of technical knowledge and the level of training necessary 
for the user to understand and use the model: 

— studying time. Time and effort for a typical user to study the designed model and the rules 
for its use; 

— model flexibility. The simplicity with which a developer can change the model to include a new 
variable or change the variables used; 

— number of existing analog models with functions that can be adapted to be used as part of 
the behavior model of security agents: 

— transparency. The simplicity with which the user can discover in the model everything that 
can affect the simulation results. 


2.4 SYSTEM-DYNAMIC MODELS OF CONFLICT-COOPERATIVE INTERACTION OF AGENTS 


When developing a model of behavior, it is first necessary to determine the boundary of appli- 
cability of the model and the main assumptions included in it. The proposed model focuses on the 
dynamics of the interaction of the attacker and the defender in the field of information security to 
determine the investment strategies used by opponents. 

The model represents the company as a defender, which protects the asset from a group of 
attackers who are trying to violate the security of the company’s asset with the help of malicious 
cyber-attacks. An asset can take many forms, such as a customer list, website, payables register, 
or strategic plan. Increased security may be associated with protecting the confidentiality, integ- 
rity, authenticity or availability of the asset for authorized users. 

Modeling is limited to three possible threat vectors. Protection against each of the threat 
vectors is realized as a result of investing in appropriate protection. Defense is considered effec- 
tive if it can compensate for incoming attacks. 

The list of basic concepts and concepts underlying the developed model, which underlie the in- 
teraction of the defender and the attacker in a dynamic behavior model, includes the following [72]. 

Reputation of the company — a profitable and universally recognized name for merits, achieve- 
ments, reliability, etc. In this case, the reputation refers to the public authority of the company. 

Vulnerability is the level of security possessed by company assets. It can also be called an 
asset protection level. 

security vectors are externally visible and accessible system resources that can be used to 
organize attacks on the system. The weight (or magnitude) of the vector is specified in accor- 
dance with the potential damage that could be caused by any exploitation of the vulnerability. 
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Examples of security vectors are: network servers, web pages, email, mobile devices, system 
configuration, and others. 

Opportunities of defenders — available resources of defenders, which are distributed between 
security vectors to increase the level of protection of assets. 

Opportunities for intruders — part of the resources of intruders available to implement attacks 
on defender assets. 

The share of investment — part of the opportunities aimed at protecting the assets of 
the company. 

Percentage of attacks — the number of attacks that cybercriminals distribute between the 
security vectors of defenders according to previous successful attacks. 

successful attacks — attacks that can violate asset protection through security vectors. 

Profit of defenders — monetary gain from improving the level of asset security, which in turn 
in creases the reputation, thereby improving the financial performance of the company. 

Welfare of the attackers — a monetary advantage from the violation of the assets of 
the defenders. 

The formed concepts should be included in the mathematical model, since they reflect the 
nature of the interaction of the parties to the conflict and influence the distribution of limited 
investment funds. 

To get an idea of the dynamics of the attacker-defender interactions, a quantitative and 
integrative dynamic model with a suitable border, time horizon and a realistic interpretation of 
strategic decisions by individuals is needed. 

The model consists of three submodels: Defender Submodel, Battlefield Submodel and Atta- 
cker submodel. The model was built on the following assumptions and limitations. 

Assumption 7. The impact of cyberattacks on a firm's reputation. 

There are both direct and indirect costs associated with cyber security breaches. Direct 
costs for companies include, for example, money spent on intrusion detection systems, overtime 
for hack recovery personnel, and, for example, lost productivity during virus attacks. However, 
these are the costs that companies face in the daily work of their business in the world of the 
Internet. The direct costs of cybersecurity are not included in the analyzed model. 

The real financial damage from cyber security breaches is associated with indirect costs [73]. 
These can be losses caused by falling sales, weakening customer relationships and legal obli- 
gations. Indirect costs are difficult to measure, but they must be presented in the model, since 
they can significantly affect the company’s income. 

The company’s reputation is fundamental. Loss of reputation is considered the indirect costs 
that the company incurs as a result of cyber-attacks. An ad or an article containing a security 
breach may affect their reputation and financial performance. An example of this is a virus attack 
on bank ATMs, which causes them to close for several hours, this may bother customers, but 
they probably will not change banks in connection with this incident. However, if the bank is hacked 
and customer data is distributed on the Internet, customers may well decide to start their own 
business elsewhere. In the latter case, the violation had a negative impact on the reputation and, 
consequently, on the market value of the company due to the real potential for loss of future 
revenue when customers change the service bank. 
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The analyzed model assumes the value for each of the three security vectors as the weight 
coefficient that they attach to their reputation, as well as the status of vector vulnerabilities and 
successful attacks. Modeling will provide an understanding of the value that the company attaches 
to cybersecurity to maintain its reputation. 

Assumption 2. The capabilities of defenders and attackers are external parameters. 

A firm’s ability to invest in information security is limited by its finances. In particular, infor- 
mation security should compete with other projects for financing. Given budgetary constraints, 
the more difficult task for managing information security is not so much the general level of the 
required level of investment as the allocation of limited resources to protect against attacks [74]. 

Depending on the size of the company and the industry to which it belongs, the capabilities 
of firms will vary. The model assumes a relatively large company, since the budget for information 
security does not depend on the financial performance of the company. In other words, the budget 
for investing in information security in this case is fixed and affordable for each modeling period. 

Opportunities for attackers are also assumed to be constant for each period. In a real system, 
hackers are criminal organizations that act in accordance with their own business model. There- 
fore, it is not known exactly how the attackers behave, and on what they build their business case 
and, therefore, how they form their resources for future attacks. The model reflects the behavior 
and capabilities of attackers described in the articles. 

Assumption 3. The cost of a single attack. The cost of a single attack means the ratio of the 
capabilities of attackers and defenders. This parameter represents the damage that each attack 
does to the defenders. In other words, the cost of a single attack is how much money a defender 
needs to repel an attack. 

In the model, the cost of a single attack is an exogenous variable. This option will increase the 
ability of attackers to determine the vulnerability status of each security vector. 

Assumption 4. Type of attackers and type of attacks. Cyber-attacks can come from inside or 
outside the company. The model makes no distinction between internal and external attackers. 
Internal attackers include disgruntled and/or negligent employees who use a weak password to 
access the system or follow a link from a phishing site, not knowing that it is malicious software. 
Another type of attacker is an external one, generally including hacker organizations of criminals. 
In addition, the model does not break attacks into various types, for example, denial of service, 
phishing, viruses, ransomware, SQL injections, and so on. 

Assumption 5. The cost of security for defenders. In the model, the cost of security that 
defenders bear when making an investment decision each period is reflected in the decision rule on 
the share of investments that they allocate for each security vector when it is violated. 

The model does not reflect various financial indicators and does not use approaches to analyze 
each investment decision, such as: cost-benefit analysis, risk analysis, net present value (NPV), 
annual loss estimation (ALE), return on securities investment (ROSI) etc. The reason for this is 
that financial analysis would require a more complex model, including empirical data, to give greater 
accuracy to research. 

The structure of the model represents both a qualitative display of the system, through cau- 
sal relationships between variables, and its quantitative representation, by formally determining 
causal relationships through equations. 
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The system dynamics model contains three submodels: 

— Defender Submodel: 

— Battlefield Submodel; 

— Attacker Submodel. 

The Defender Submodel represents the structure of a firm’s defense against malicious cyber- 
attacks that attempt to violate the security of its information asset. In each period, the defender 
makes a decision to determine his defense configuration. It is assumed that defenders have basic 
protection for each vector, and their security capabilities are designed to cover the additional 
security efforts resulting from security breaches. 

We introduce the following notation for the variables and factors describing the Defender 
submodel (Table 2.5). 


@ Table 2.5 Formal designation used in Defender Submodels 


Variable Description 
A° Successful Attacks 
ie Time to report Attack 
NDA Number of Dismissed Attacks 
- Dismissal time 

Dismissed 
R Reports 
igh Fraction Investment Vector / 
Rep Reputation 
BU Building Up 
(ee Time to build up reputation 
Adj Adjustment 
ER Erosion 
ie Time reputation loss 
ate Base reputation 
V, Vector / Value 
Vul; Vulnerability Vector / 
DFP Defenders Financial Performance 
RMR Reputation to money rate 
BFP Base financial performance 
DAP Defenders Accumulated Profit 
IFP Increasing Financial Performance 


Defender protects his asset against three security vectors (A, B and C) that matter, which 
will be converted into reputation and then into financial results. In the model, security vectors are 
presented as the vulnerability state of each vector. 
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In case of successful attacks, a message is generated indicating the specific attack vector by 
which the target of the attack was achieved. 

A description of the dynamics of successful attacks for each of the vector can be represented 
in the form of the following relationships: 


RS 
aw) R,-D, R,=A?/T™, 


where A; — increase in the number of successful attacks on a specific vector during the time 
required by the defender to report successful attacks (1 month); D,— the number of reflected 
attacks reported, divided by the time required by the defenders to stop such attacks (1 month). 

The share of the investment vector for each vector is calculated based on the reported suc- 
cessful attacks divided by the sum of the recorded successful attacks of all three vectors. The 
equation indicates that the defender will invest a share of investments in the i-th vector, which is 
equal to the total number of successful attacks received on this vector: 


Fl, = A’ y Ae. 
i=1 


Reputation is presented as a stock that accumulates during each modeling period. Reputation 
enhancement is the growth rate obtained by adjusting the reputation, which, in turn, is the result 
of the sum of the values of each security vector and their corresponding vulnerability result for 
each vector: 


d(Rep) _ py _ ep 





y _fAg/Te™. if Ad>0; 4 _ j|Ad/T™), if Ad <0 
(0, if Ad <0, [OIF Ad>0. 


Raising a reputation is the following decision-making rule: reputation growth rate will increase 
whenever the adjustment is positive. On the contrary, a negative adjustment (loss of reputation) 
means that the company is losing its reputation: 


3 
Ad = IR — Rep, IR =R°- SV, xVul. 


i=1 


Financial Performance of Defenders. Financial indicators of defenders are determined by the 
current reputation and the ratio of the level of reputation to funds, which shows how much the 
reputation of the company is estimated in relation to its financial indicators: 


DFP = (RMR x Rep) + BFP. 
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Defenders Profit determined by financial indicators, which is necessary for the analysis of 
policy options: 
d (DAP) 
dt 


= |FP. 





The Battlefield sub-model is a segment of the model in which defenders and attackers interact 
with their respective capabilities and investment decisions. The main components of this submodel 
are Vulnerability and Successful attacks of each security vector. In the description of the submodel 
of the battlefield, the following notation of variables is used (Table 2.6). 


@ Table 2.6 Description of Variable Submodels of the Battlefield 


Variable Description 

be Attackers Capabilities 

Ag Fraction of Attack Vector i 
be Attack Unitary Cost 

C? Defenders Capabilities 


Vulnerability of attack vectors indicates the level of security for each of the vectors. If the 
vulnerability is positive, it means that the system is weak in security. Vulnerability is determined 
by the following expression: 


Vul, = (C* x AF x€™)—(€° x Fi), 


In essence, the vulnerability is determined by the difference between the resources that the 
attacker directs to the corresponding vector of attacks and the resources that the defender 
allocates to fix security flaws on the same vector. 

The resources of an attacker are determined by his abilities, multiplied by the fraction of the 
capabilities allocated for attacking the vector, and by money, for the attack equivalent to each 
attack. Similarly, the resources of the defender are the result of the multiplication of his abilities 
and the share intended to protect the vector after hacking. 

successful attacks are important for this model, as they will trigger future investment deci- 
sions for both opponents. Successful attacks are calculated as follows: 


oA = (c’ x AF) -((c° x AF )/C™, if Vul, > O: 
10, if Val <0. 


This formulation entails that if the vulnerability of the vector is below zero, there will be no 
successful attacks, since the defender has equal or superior capabilities than the attacker, and he 
is able to stop all attacks. On the other hand, if the vulnerability of a vector is above zero, there 
will be successful attacks. 
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Multiplying the defender’s capabilities by the share of invested funds, and then divided by the 
cost of a single attack, indicates the number of attacks that the defender can reflect in case of a se- 
curity violation. Thus, the difference between the number of attacks carried out for each vector and 
the number of attacks that the defender can repel is equal to the total number of successful attacks. 

The attacker is aimed at the company and makes some efforts to implement attacks. Since 
the attacker does not know where to aim in order to gain profit, he uses the initial distribution of 
successful attacks to determine the distribution of vulnerabilities by vectors. 

The attacker identifies and uses the weakest link, i.e. the security vector with the lowest 
protection. If the attacker succeeds, he will make a profit, which will mean lower financial perfor- 
mance for the defender. The attacker does not act indiscriminately; rather, he attacks only when 
it is beneficial to him. 

successful historical attacks in the attacker's model prompt to attack the weakest link and 
not neglect other vectors, allocating a smaller part of the resources for their attack. It is assumed 
that the attacker obtains the same utility for using all security vectors. 

To represent the relations that determine the attacker's behavior, the following notation of 
variables has been introduced (Table 2.7). 


@ Table 2.7 Variable designations for an attacker submodel 


Variable Description 

A’ Accumulated Successful Attacks Vector i 
B Breaches 

A Successful Attacks Vector / 
lie Time to report attack 

ye Past value / 

S; Switch / 

pr Attackers Performance 

is Breaches Vector i 

Ww” Accumulated Attackers Wealth 
Ww Increasing Attackers Wealth 


Accumulated successful attacks. The sum of the accumulated successful attacks of each 
vector allows the attacker to determine the weakest link and determine the solutions for the 
next attack in order to use the most vulnerable security vector. The designation / indicates the 
vectors A, B and C. 


=~ =B, B=AS/T™. 


The increase in this indicator is determined by successful attacks in the vector, divided by the 
time it takes for attackers to report attacks (1 month). 
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Share of attack vectors — are decisions made by attackers as a result of accumulated suc- 
cessful attacks on each vector. For the weakest link strategy to work in this model, attackers 
must switch from one vector to another when the current vector is not good enough for him to 
continue to attack him. 

For this reason, the parameter of the past value is used to save the previous value of the 
previous period in order to be able to compare the current value of the attack with the past value 
of the accumulated successful attacks for the last period and determine whether it increases or 
decreases in order to decide whether or not to change the vectors. 


v(t) = 48(t-1) 


Switch parameter is a condition that indicates that when the comparison of the current value 
with the previous value is less than 1, then the switch becomes zero, and it is not advantageous 
for the attacker to continue using this vector and move on to another. The conditional value is 1, 
not zero, since 1 is a threshold for evaluating the differences between the two values, which must 
be at least equal to one to justify the change. 

This is an example of calculating the attack fraction of the vector A, but for the other vectors 
the same: 


— 0, if ASV? <1 
if Ae a 4 


=5, F=5 xas/S(6 x A'S). 


i=1 


Whenever an attacker decides to stop attacking one vector and switch to another, invest- 
ments in the other two vectors will increase. 

Attacker performance — this is the sum of violations of all vectors multiplied by the cost of 
a single attack: 


B 
=) Bxc™ 
i=1 


The «welfare» of attackers is determined by financial indicators; this stock was created 
for analysis purposes in the following scenario and policy options analysis. The influx of wealth 
of attackers is a function of the productivity of attackers. 


d(AAW) 
dt 


= IAW. 





The choice of a particular methodology should be based on a comparison of the most common 
modeling methodologies. 
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Thus, it is proposed to conduct a comparison according to the following criteria: 

— the time and effort required to apply the methodology of modeling and designing the current 
model with the participation of future users; 

— user requirements. The amount of technical knowledge and the level of training necessary 
for the user to understand and use the model: 

— studying time. Time and effort for a typical user to study the designed model and the rules 
for its use; 

— model flexibility. The simplicity with which a developer can change the model to include a new 
variable or change the variables used; 

— number of existing analog models with functions that can be adapted to be used as part 
of the behavior model of security agents; 

— transparency. The simplicity with which the user can discover in the model everything that 
can affect the simulation results. 

The results of the comparison of various methodologies are presented in Table 2.8. It should 
be noted that the first three criteria should be low, and the last three criteria should be high. 


@ Table 2.8 Compliance of modeling methodologies with comparison criteria 


Time to create User Study Flexi- Availability of Transpa- 
a model requirements time bility § modellibrary rency 
Game theory L L-H L-H M H L-H 
Agent Modeling M-H L-M L-M M-H  L-M M-H 
Dynamic systems M H H M M M 
System dynamics L L L H L H 
Data Driven Models M M L M M H 


Note: / — /ow, M — medium, H — high 


Based on a set of comparison criteria for agent behavior modeling methodologies, system 
dynamics may turn out to be an alternative to game-theoretic modeling of agent behavior. 
The advantages of system-dynamic modeling also speak in favor of this choice. The methodology 
of system-dynamic modeling allows: 

— to detect the emergent properties of the investigated system behavior. System-dynamic 
models provide a way to study the formed behavior of agents based on the relatively simple rules 
of behavior of an individual agent. This approach allows to obtain and further study the synergistic 
properties of antagonistic agents in the process of cyber conflict; 

— to determine the most important parameters in the system dynamics: it is necessary to 
determine the set of input data in order to understand their influence on the output data. The sys- 
tem-dynamic model allows you to evaluate the impact of each input parameter on the result of the 
system's functioning and rank them depending on the degree of influence, and subsequent analysis 
of the model's sensitivity will support the decision to include one or another factor in the model; 

— to prepare quantitative assessments of qualitative ideas: systemic dynamic models allow 
the user to convert a qualitative understanding of agent interactions into quantitative assess- 
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ments of the effectiveness of the implementation of a particular scenario of behavior in the 
process of cyber conflict: 

— to predict the long-term consequences of decisions for a certain circuit of business processes; 

— to support the use of the model and provide system administrators with a set of tools for 
organizing training for personnel in decision-making in difficult conditions of cyber conflict. In par- 
ticular, system dynamics is a method for improving learning in complex security systems, especially 
large infrastructure projects. The study of complex dynamic systems requires not only technical 
means to create mathematical models, since these tools are applied both to human behavior and 
to physical and technical systems. 

The results obtained from the analysis of the comparison table are explained primarily by the selec- 
tion of appropriate comparison criteria. These criteria reflect the basic requirements on the part of de- 
velopers of security agent behavior models. It should be borne in mind that for other subject areas and 
other tasks, the set of comparison criteria can be changed, which will lead to different selection results. 

The second factor influencing the results of the comparison is the subjective nature of the 
assessments of the conformity of a particular methodology to the established criteria. In addition, 
these estimates are purely qualitative in nature, and the boundaries between the low, medium, and 
high values of compliance with the criterion are not fixed. 

The subjective choice of criteria and their values determine not only the features of the pro- 
posed approach, but also its limitations. As ways to address these shortcomings of the approach 
to justifying and choosing a modeling methodology, the following can be proposed. 

First of all, the use of expert assessment methods that provides quantitative assessments of the 
rationale for the choice, namely, the determination of the required number of experts and the degree 
of consistency of their assessments, which allows to talk about the stability of the group assessment 
of the chosen methodology. As the second way, allowing passing to a quantitative assessment of the 
justification of a choice, one can use the theory of fuzzy sets that transform the qualitative values of 
the criteria into quantitative estimates for their subsequent processing. It should be noted that the use 
of fuzzy sets in the field of cybersecurity is mainly associated with the assessment of risks of threats. 


2.0 METHODOLOGICAL FOUNDATIONS FOR THE DEVELOPMENT OF A CYBER THREAT 
CLASSIFIER 


The development of computing resources and «G» technologies has predetermined the rapid 
growth of the Internet of things based on the synthesis of physical systems and Internet techno- 
logies. Given the fact that there is no single universally accepted definition of cyberphysical sys- 
tems, a rather general definition of a cyberphysical system as a system used to monitor and con- 
trol objects of a physical nature (the physical world) is given in [75]. These systems are perceived 
as a new generation of embedded control systems. In addition, systems in which networks of 
sensors and actuators are integrated are also considered cyberphysical systems [76]. Due to the 
dependence on IT systems, cyber-physical systems can be defined as IT systems that are integra- 
ted into applications of the physical world [77]. This integration is the result of advances in 
information and communication technology (ICT) to improve interaction with physical processes. 
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All these definitions emphasize the constant and intense interaction between the cyber and phy- 
sical worlds. However, their development also determined a new direction in the development 
and/or modification of old threats, which is not only manifested in the possibility of hacking and 
unauthorized access to confidential (personal) information of users, but also in the possibility of 
conducting an «energy apocalypse». This approach allows cybercriminals to use cyberphysical sys- 
tems to obtain a synergistic effect from the implementation of threats in cyberspace as a whole. 
There are many tasks that dictate the need for a unified approach based on the construction 
of classification of threats. These tasks include analyzing deviations from the normal operation 
of the security circuit in cyberphysical systems, ensuring the stable operation of the security cir- 
cuit in cyberphysical processes, and preventing hacking of the security system. The construction 
of a classifier of threats should be carried out taking into account their synergy and hybridity for all 
security components, namely, information security (IS), cybersecurity (CS) and security of infor- 
mation (SI). The classifier should reflect the need to integrate security components with social en- 
gineering methods and take into account the lack of funds to ensure the required level of security. 

Publications dealing with the development of methodological foundations for constructing clas- 
sifiers of threats to cyberphysical systems can be divided into three groups. The first group com- 
bines publications describing various cyberphysical systems and their features and characteristics 
that make them vulnerable to various kinds of threats. The second group includes publications on 
a variety of threats and attacks directed specifically at cyber-physical systems. The publications 
of the third group describe various approaches to the construction of taxonomy and classification, 
which, ultimately, lead to the construction of threat classifiers for cyberphysical systems. 

The most significant article of the first group is [75], in which existing studies on the safety 
of cyberphysical systems (CPS) are collected and systematized within a single structure. The 
proposed structure is a three-dimensional system of orthogonal coordinates. The first axis corre- 
sponds to the well-known classifications (taxonomies) of threats, vulnerabilities, attacks and se- 
curity controls. The second axis corresponds to the components and subsystems in terms of their 
nature, namely, cybernetic (computer information), physical and cyberphysical. The latter exhibits 
synergistic properties that were not possessed by the elements or subsystems of the first two. 
And finally, the third axis corresponds to the reflection of the integral (synergetic) functions of 
cyberphysical systems, as well as their manifestation in various typical cyberphysical systems (for 
example, intelligent networks, medical CPS and intelligent machines, and mechanisms). In Fig. 2.5, 
the relationship of the proposed structure with critical cybernetic information systems (CCIS) 
is proposed, using the banking sector as an example. 

It is noted that the designed CPS model can be either abstract to show the general interac- 
tions of the CPS application, or specific to capture any details when necessary. This representation 
allows you to build a model that is abstract enough to be applicable to various heterogeneous CPS 
applications and to obtain a modular representation of closely related and interacting CPS com- 
ponents. In this case, the formation and manifestation of synergistic properties in the process of 
functioning are provided. This abstract separation allows you to build a systematic understanding of 
CPS security and highlight potential attack sources and defenses. The paper argues that identifying 
differences between traditional IT systems and cyberphysical systems is key in understanding CPS 
security issues and the subsequent construction of threat classifiers for such systems. 
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Four specific cyberphysical systems are specifically considered, namely, power supply net- 
works, medical systems, smart cars and industrial facilities control systems. For these systems, 
the issues of communication in these systems and their safety are discussed in detail. It is empha- 
sized that security control is usually associated with mechanisms such as cryptography, access 
control, intrusion detection and many other solutions commonly used in IT systems. These mecha- 
nisms are very important for protecting the infrastructure of information and communication tech- 
nologies. It is noted that security solutions require solutions that take into account cyber-physical 
aspects, and they can be supplemented by IT security solutions. 

Ensuring the security of CPS is associated with various problems, one of which is an under- 
standing of potential threats [76]. Knowing who/from what CPS protection is organized is equally 
important for understanding existing vulnerabilities and attack mechanisms. A security threat is 
defined as «a set of circumstances that could lead to loss or harm» [77]. 

In [75], five factors are identified for each threat: source, target, motive, attack vector and 
potential consequences. The source of the threat is the initiator of the attack. 

Sources of threats are divided into three types [78-83]: 

— warring threats (intentions of individuals, group organizations or states/nations): 

— random threats (threats that were caused by accident or using CPS components); 

— environmental threats, including natural disasters (floods, earthquakes), man-made disas- 
ters (fires, explosions) and interruptions in the supporting infrastructure (power outages or loss 
of communication). 

Goals are CPS applications, their components, or users. CPS attackers usually have one or 
more reasons to launch an attack: criminal, spyware, terrorist, political, or cyber warfare [84]. 
A threat can perform one or more of the four mechanisms of a successful attack: interception, 
interruption, modification, or fabrication [79]. The consequences of an attack may be a violation of 
the confidentiality, integrity, availability, confidentiality or security of the CPS. 

Potential threats and vulnerabilities are investigated for the selected four applications of cyber- 
physical systems. The work contains summary tables reflecting the influence of each of the five 
factors noted on a particular type of cyberphysical system, as well as a list of characteristic attacks 
undertaken against such systems. Despite the fact that the listed factors can be considered as the 
foundation for constructing a classifier of threats to cyberphysical systems, the issues of taking 
into account the synergistic effects of the functioning of such systems have not been considered. 

In general, the contribution of the mentioned work to the problem of constructing CPS threat 
classifiers can be formulated as follows: 

— the CPS security system, designed to distinguish between cyber, cyberphysical and physical 
components in this system is proposed; 

— the potential sources of threats and their motives are investigated; 

— existing vulnerabilities are presented and significant reasons for their occurrence are high- 
lighted using real examples; 

— a review of recorded attacks on CPS was conducted to identify the main vulnerabilities and 
components susceptible to threats; 

— a comparative analysis of existing control mechanisms has been carried out and unresolved 
problems and problems in various CPS applications have been identified. 
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In [78], three key issues for protecting cyber physical systems are discussed: understanding 
the threats and possible consequences of attacks, identifying the unique properties of cyber phy- 
sical systems and their differences from traditional IT security, and discussing security mecha- 
nisms applicable to cyber physical systems. In particular, security mechanisms are analyzed for: 
prevention, detection and recovery, resilience and deterrence of attacks. 

A distinctive feature of the work is the development of an adversary model as a way to 
understand the extent of the problem and assess the risks. The work contains descriptions of 
some potential attackers, their motives and resources. An analysis of the behavioral aspects of 
attackers was made in [85, 86). 

The work notes that the goal of cybercriminals is to compromise computers wherever they can 
be found (even in control systems). Attacks by cybercriminals may not necessarily be targeted. 
Cybercriminals may not have the intent to harm control systems, but their actions can cause 
negative side effects. For example, control systems infected with malware may not work properly. 

Insiders are currently the main source of targeted computer attacks on control systems [87]. 
These attacks are important from a security point of view, because they are caused by persons 
with authorized access to computers and networks used by management systems. Therefore, 
even if control networks are completely isolated from public networks (and the Internet), in- 
sider attacks will still be possible. Since disgruntled employees tend to act alone, the potential 
consequences of their attacks may not be as devastating as the potential damage done by larger 
organized groups. 

Terrorists, activists and organized crime groups are another potential threat to control systems. 
Attacks on extortion control systems are not new. Cyber-attacks are a natural development of 
physical attacks: they are cheaper, less dangerous for an attacker, not limited by distance, they 
are easier to copy and coordinate. 

States can also be a potential threat to governance systems. In general, it is not surprising 
that most military powers learn the technology of future attacks, including cyber-attacks against 
the physical infrastructure of other countries. 

The work emphasizes that the main objective of the research is to identify and classify a new 
type of attacks that are possible in control systems, and to study their possible consequences. 
For example, attackers can launch unique attacks on control systems (that is, attacks that are not 
possible in traditional IT systems). One possible example would be resonant attacks. In a resonant 
attack, an attacker who compromises some sensors or controllers will cause the physical system 
to oscillate at its resonant frequency. In [88], based on the definition of a cyberphysical system 
as a distributed control system with strict time constraints consisting of physical and cyber 
components, the differences between the IT system and the cyberphysical system are formulated. 
Physical Interface: Having a physical interface is what makes CPS security especially difficult. 
Unlike a standalone IT system, a security breach in a CPS system has disastrous consequences. 
An attacker can use a physical interface to undermine the security of CPS without the need to 
violate the access control mechanism. In traditional IT security, this can only happen if data is 
transmitted over an open network. 

Control system: CPS is based on one or more core control networks, which are often inte- 
grated with a physical sensor/actuator, which differs markedly from the traditional point of view 


37 


SYNERGY OF BUILDING CYBERSECURITY SYSTEMS 


of IT security. Supervisory control and data acquisition systems (SCADA) are an integral part 
of modern industrial infrastructure. Unsurprisingly, vulnerabilities in this management network 
remain an attractive place for cyber-attacks that continue to grow due to SCADA systems con- 
nected to the Internet [89]. A feature of the analyzed work is not only the classification of 
attacks, but also its connection with security standards. In addition, modern hybrid attacks on 
State-level computer systems do not just damage an isolated machine or disrupt the operation 
of a single corporate system [90]. Instead, new attacks target infrastructure, which is an integral 
part of the economy, national defense, and everyday life [91]. Studies of cyberphysical systems 
have shifted the focus from developing the optimization task of these computing components to 
the interaction involved between physical media and the computing elements with which they 
interact [92]. A classification consisting of four dimensions was proposed in [93], which allows 
one to simultaneously consider issues of both the functioning of the network and issues related to 
computer attacks. The first dimension of the classification covers the attack vector and the main 
scenario of the attack. The second dimension of classification identifies an attack by its primary 
purpose. Vulnerabilities are classified in the third dimension of the classification, and payloads in 
the fourth taxonomy. Similarly, the authors present an information security risk analysis method- 
ology that links the assets, vulnerabilities, threats and controls of an organization. The approach 
uses a sequence of matrices that reflect the correlation of various elements in a risk analysis. 
The data are aggregated and cascaded by matrices in order to correlate assets with controls in 
such a way as to obtain priority ranking of controls based on the assets of the organization [94]. 

In addition, cyber-physical incidents were discussed and classified in [95] based on sectors, 
sources and impacts of incidents. This document provides an example of how organizing the pro- 
cess of collecting information about cyber incidents can be used by victims of cyber-attacks. 
In addition, an attempt is described to help understand the threat of cyber incidents for various 
purposes, which may be useful to increase organizational focus from the point of view of cyber 
incident. In addition, the security ontology for investigating incident analysis [96] allows one to 
organize a classification similar to that presented in [97]. 

In the proposed classification, the stages of incidents were investigated taking into account 
additional extensions that reflect various categories of the entity involved in attacks and at- 
tack relationships. So, the authors distinguished the following classes of entities: an attacker, 
a vulnerability, a tool, a target, an action, goals, and an unauthorized result. Attackers use tools 
to perform actions that exploit target vulnerabilities. In [98], models of virtual control system 
environments (VCSE) are presented, which illustrates the corresponding parts of CPS and their 
threats. They are designed to analyze the influence of physical factors. Models were built from 
real, simulated and emulated components that were vulnerable to actual, simulated malicious 
and other hostile activities. In addition to the dynamic basis of cyber terrorism, a structure was 
proposed in [99] that describes the main components of cyber terrorism. Cyber terrorism was 
defined by a structure reflecting six points of view: motivation, goal, attack method, subject area, 
criminal actions and attack effects. 

The classification of cyber-attack and defense mechanisms for emergency management net- 
works aims to support a common understanding of the associated cyber-attack and defense 
mechanisms. Attack mechanisms are classified according to three aspects, according to the 
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network, according to the attacked functions and attack factors, while the defense mechanism 
is determined by the type of protection, the degree of distribution and organizational ele- 
ments [100]. In addition, the problems of cybersecurity in emergency management are divided 
into three groups determined by the criticality of time (refers to emergency situations), when 
decisions must be made and quickly transmitted. The National Institute of Standards and Techno- 
logy (NIST) [101] presented a framework focused on using business drivers to guide cyberse- 
curity activities and address cybersecurity risks as part of the organization's risk management 
processes. The classification structure is represented by three parts: the core of the structure, 
the profile of the structure, and the levels of implementation of the structure. The core of the 
structure is a set of cybersecurity measures, outcomes and information guides that are com- 
mon to critical infrastructure sectors, providing detailed guidance for developing organizational 
personality profiles. Using the profile, the structure is designed to help the organization bring 
its cybersecurity activities in line with business requirements, acceptable risks and resources. 
Tiers provide a methodology for organizations to understand and consider the characteristics of 
a cybersecurity risk management approach. In addition, a threat-based mathematical quantitative 
structure is used in [102], which is used to evaluate and design the security of CPSTo counter 
each element of the threat, it is proposed to be guided by the following three principles: 

— principle 1: focusing on a critical system should include only basic functions; 

— principle 2: the movement of key elements of the assets necessary for the mission, and 
security control, which is difficult for an attacker to achieve physically and logically (to reduce 
accessibility): 

— principle 3: responding, detecting, adapting and misleading attackers by introducing system 
elements with dynamic response technologies (to counter the attackers’ capabilities). 

The fundamental work in Ukraine, devoted to the construction of classification systems and 
classifiers of threats in the field of cybersecurity, is undoubtedly the work [103]. The paper 
presents the results of the analysis of modern protection of state information resources (SIR) 
in information and telecommunication systems. At the same time, the emphasis in the work is 
placed on the regulatory support for the SIR, the legal aspects of the formation of the SIR are de- 
scribed in detail, and new terms and definitions of the problems of their protection are introduced. 
A significant drawback is the lack of communication of threats with the OSI model, which allows 
you to identify critical penetration points. 

In [104], the authors propose an improved version of the classifier of threats to banking 
information as one of the resources of critical cybernetic information systems (CCIS) of the state, 
taking into account their synergies and synergies of security components. Fig. 2.6 shows a block 
diagram of the proposed solution. 

Thus, the analysis showed that the approaches considered do not take into account the 
combination of modern threats that are hybrid and synergistic with the elements of the cyber- 
space infrastructure of companies/organizations. Existing approaches practically do not take into 
account the economic aspects of ensuring security, which limits the minimization of economic 
costs for the construction of a comprehensive information protection system. It is the neglect of 
the economic aspects of security in the construction of the classifier of threats that makes the 
proposed study relevant. 


39 


SYNERGY OF BUILDING CYBERSECURITY SYSTEMS 


Determination of the probability of the impact of IS, CS, and SI threats on the security 
of a BIR based on the threat classifier 


Step 1. Formation of classifier metrics 
K 
Di 
i=1 k= 


wi —coefficient metric value; /— number of threats; A— number of experts 


Step 2. Formation of a digital identifier of the threat identifier 
aL 


Step 3. Selection of weighting coefficients o,, determining the conditions for the 
manifestation of the /-th threat 


Step 4. Determination of the implementation of each i-th threat, taking into account the 
likelihood of attacks 


j 
ik 


Step 9. Determination of the implementation of the occurrence of multiple threats to the 
selected service: 
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Step 6. Determination of the total threat by security components: 
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Step 7. Determination of the generalized synergetic threat of BIR: 
wis: CS,SI -w's U we U w 


synerg synerg synerg synerg 


Step 8. Determination of the generalized synergetic threat of BIR, taking into account its 
hybridity: 
Wirverde AAG OW AW WA AW 


synerg synerg synerg synerg ‘synerg 





O Fig. 2.6 Determining the probability of threats based 
on a synergistic model of threats 


To create a threat model, they usually use the adapted CIA triad model (confidentiality, in- 
tegrity, availability), which is the basis for its further modifications in practical models (Hexad 
Parker model, 5A model, STRIDE model, etc.). However, in the conditions of post-quantum 
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cryptography (in the context of the emergence of a fullscale quantum computer), US NIST ex- 
perts question the provision of the required level of security with modern symmetric and asym- 
metric cryptosystems [105]. 

In addition, the rapid growth and use of «G» technologies can significantly change the vector 
of the use of cyberspace as the main channel for transmitting information between cyber sys- 
tems and information and communication systems. 

such changes significantly reduce the level of security and can practically reduce it to zero. 
Under such conditions, it is necessary to consider the complex of threats — their combination 
and hybridity, leading to the appearance of a synergistic effect with a subsequent increase in the 
likelihood of a threat based on a synthesis with social engineering methods. 

In [106], the authors proposed a fundamentally new approach to the methodology for con- 
structing security systems based on the synergetic threat model, which provides the forma- 
tion of methodological foundations for constructing a classifier of modern threats to cyberphy- 
sical systems. 

In Fig. 2.7, a block diagram of the synergetic model of synthesis threats to information-critical 
cybernetic systems (on the example of banking sector organizations) and CFS is proposed. 

In accordance with ISO/IEC 27001:2013, threats are classified as intentional, incidental and/ 
or environmental. Typical examples include technical failures, unauthorized actions, software inter- 
ference, physical damage, compromised functions, etc. 

However, the standard, like other normative international acts, does not consider the 
synergy and hybridity of modern threats, their combination with social engineering methods, 
which significantly increases the risk of the threat. The proposed approach takes into account 
the possibilities of modern threats, their synergy and hybridity, the possibility of integration 
with social engineering methods. To design a classifier of threats to cyberphysical systems, 
Fig. 2.8 provides a block diagram of the methodological foundations of a unified classifier tak- 
ing into account the synergetic model of threats and economic costs of ensuring the required 
level of security. 

Let us consider in more detail the proposed approach to the formation of a classifier of 
threats. At the first stage, experts are invited, using their experience, to form tuples of a threat 
classifier based on 5 platforms. 

The first platform determines the criticality level of the threat (critical, high, medium, 
low, very low), which allows you to calculate the economic «profitability» of critical threats 
in step o. 

The second platform defines the attitude towards the security component (information secu- 
rity (IS), cybersecurity (CS), security of information (SI), which allows you to get an assessment 
of the synergistic effect on one of the threat components in step 9. 

The third platform determines the direction of the threat to security services (integrity, con- 
fidentiality, accessibility, authenticity and involvement), which allows you to get an assessment of 
the impact of several threats on security services in step 4 and determine the direction vector of 
the impact on infrastructure elements. 

The fourth platform determines the nature of the directions of the impact of threats (regula- 
tory, organizational, engineering). 
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The fifth platform provides an assessment of focus on infrastructure elements and allows 
you to «identify» critical points in an integrated information security system (IISS). Moreover, for 
the objectivity of expert judgments, we use the weighting coefficients of expert competence ([K,), 


presented in Table 2.9. 





Information theft 


GPS Spoofing 


Feedback ; 
( Sensing ) Feedback Integrity 





Eavesdropping 





Equipment 
Data Failure 


destruction |” Prohe-attacks 


Actuation 
Disruption 






Usage errors 















Signal Computing 
interception DoS-attacks q is 
S 
— 





Virus, worm, 
trojan 


CPS 


=antee ae Sq, (1088 of Power Supply 
~~, : Dazzling Cameras 
Software malfunction “his, with Light 
Maye 
°” 


— 
inal Energy 


Port sweep Probe-attacks Hardware Intervention ree 
ac 
Copy information 


gyperseoh 





Packet Replaying 


Theft of information 


R2L-attacks 














Visual interception of information displayed 
on the screen displays or keyboard input 


U2R-attacks S. 


; c) 
Buffer Rootkit Gp, 
overflow A 


Information 


Loadmodule Modificat’ % 
odirication “” : Refusal of the fact of receiving / 
“"p 


transmitting, creating false 
(_ Back) (Neptune ) F=4 information about the time of 
= receiving/ transmitting messages 
[r-J 
= 
S 
= 








destruction 


DoS-attacks 


Phishing 


Extracting 
information from 
statistical databases 










Copying, stealing information, 
software 


Unauthorized use of 
information, masquerade 


O Fig. 2.7 Block diagram of a synergistic model of synthesis 
threats on CCIS and CFS 
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critical high middle low 
01 02 03 04 


PLATFORM 1 - THREAT CRITICITY LEVEL 


regulatory (01), organizational (02), engineering (03) 
PLATFORM 4 - CHARACTER OF DIRECTIONS 


FL — physical level (01), W/Z — network level (02), OS/ — operating systems level (OS) (03), 
DBL — Data base management level (04), BL — bank technological applications and services level (05) 
PLATFORM 5 — ISO / OSI INFRASTRUCTURE LEVEL 


determined by expert evaluations of IS and / or CS specialists 


STEP 1. FORMING METRIC THREAT COEFFICIENTS FOR ICS AND CPS 
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STEP 2. FORMATION OF WEIGHT COEFFICIENTS OF CONDITIONS OF MANIFESTATION OF THREATS FOR 
ICS AND CPS 
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automatically determined based on mathematical expressions 


O Fig. 2.8 Block diagram of the threat classifier 
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@ Table 2.9 Expert competency weight 


No. Expert Qualifications Weight value (k,) 
1 International expert in the field of IS, CS, Sl 1.0 
2 National expert in the field of IS, CS, SI 035 
3 Certified international specialist in the field of IS, CS, Sl 0.9 
4 Full doctor of science in the field of IS, CS, Sl 0.9 
0 Director of security service 0.85 
6 Doctor of Philosophy in the field of IS, CS, Sl 0.8 
7 Security officer 0.7 
8 System administrator 0.6 
9 Security engineer 0.5 
10 Graduate student in the field of IS, CS, SI 0.4 


The total score of the z-th threat is determined by the number of experts according to the 
expression: 


K 

XG 

x2, (2.3) 
K 

where x, is the assessment of the of the i-th threat by the k-th expert; k, — expert compe- 
tency level; K is the number of experts. 

A measure of the consistency of expert assessments is the variance, which is determined 
by the expression: 


2 1< * 
=—Nk{x,-x.]. (2.4) 
0, raz A k ) 


The statistical probability of the obtained results 1—-o,, will be | x, — A,x, + A], where the 
quantity xi is distributed according to the normal law with center x, and dispersion o%. Then A is 
determined by the expression: 


A=t/o?/N, (2.5) 


where ¢ is the value according to the Student distribution for K—1 degrees of freedom. 

To form metric (weighting) threat factors (Fig. 2.8) and their impact on security services, 
we introduce the following notation: / is a security service for both ICS and CPS. Basic security 
services: C — confidentiality; / — integrity; A — availability; Au — authenticity, Aff — involvement (af- 
filiation). Thus, a tuple of security services /={C, |, A, Au, Aff} is formed in the classifier; N — the 
number of threats; K — the number of experts who participated in the expert threat assessment; 
fi\" — current number of the i-th threat; {ky — current number of the expert. 
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To evaluate the hybrid and synergetic components of the impact of modern threats, we use 
the following sequence of actions: 

1st step. Determination of the average expert rating for all threats to a particular security 
service: 


4 NK 
Wis = - Te by W esi: 
Kae 
/ N K 
W ops a roe (2.6) 


i=1 k=1 


where W/.., is the value of the metric coefficient set by the k-th expert for the i-th threat of 
the j-th security service for ICS, w/,., is the value of the metric coefficient set by the k-th expert 
for the i-th threat of the j-th security service for CPS. 

2nd step. Formation of weighting factors for the threat manifestation conditions for ICS and 
CPS (Table 2.10): 


a’, i¢ (0.067; 0.133; 0.2; 0.267; 0.333], 


O b] 


a”°, ie (0.067; 0.133; 0.2; 0.267; 0.333]. 


@ Table 2.10 Selection of weights o, of manifestations of the i-th threat 


CO, Manifestation conditions 

0.067 The threat does not occur more than once every 5 years 
0.133 The threat does not occur more than once a year 

0.2 The threat does not occur more than once a month 
0.267 The threat does not occur more than once a week 
0.333 The threat is daily 


3rd step. Determining the implementation of each threat for ICS and CPS: 


W ics; Fos: = Posi > Wes 4 


where 
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For each security service and /-th threat: 
— for ICS: 


/ K 

ee C ! a 

Wirg Qing = O09 Mise — confidentiality service, 
k=1 


K 


‘ K 
A A 7 A A : pe . 
Wins ies = — ies Wing, — availability service, 


K | k=1 
Au ai 
Wine Ob = out, Sows — authenticity service, 
Aff Aff = Aff Aff : : 


U 


WhEPE Wregs Wicgis Wings Wings Wire are the expert weights of the security services: confidentiality, 
integrity, availability, authenticity and involvement; 007.4, Oljp5s Ojegi» ing» Ling — Weighting factor 
of the security service: confidentiality, integrity, availability, authenticity and authenticity of the 
manifestation of the /-th threat attack; 


— for CPS: 


1 

Ct dantiali 

Wopsioas) = 4 ey Wo — confidentiality service, 
k=1 


4 K 
k=' 


4 K 
a A A ‘Tahili ; 
Wepg Opps; = a ue — availability service, 
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k=1 
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WhEPE Weog, Weg: Wangs Wang, Wang are the expert weights of the security services: confidentia- 


lity, integrity, availability, authenticity and involvement; Ot/55,, Otfpg;» apg» epg, Ong — Weighting 
factor of the security service: confidentiality, integrity, availability, authenticity and authenticity of 
the manifestation of the /-th threat attack. 
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Ath step. Determining the implementation of several threats to a security service: 


M M 
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where IV is the number of several threats that are selected by the expert from the set ite which 
is a subset of the entire set of threats of the classifier, that is M<N. 

When forming metric coefficients, it is believed that the results obtained are independent 
threats, in case of their dependence (coincidence of tuples of threats), it is necessary to use the 
expression for determining the total probability of dependent events: 


P(AB) = P(A) + P(B) — P(AB). 


oth step. Determination of the total threat by security components, taking into account the 
expression (2.6): 
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To determine the generalized synergistic threat: 


Wy .65.51 = wr U Wwe U WwW 


synerg synerg synerg synerg * 


To determine the generalized synergistic threat, taking into account its hybridity for ICS: 
Wien non a a () Wessynerg () Weessyner () Weessynerg () Vie wen 
To determine the generalized synergistic threat, taking into account its hybridity for CPS: 


a War 


CPSsynerg * 


hybrid C,/,A,Au,Aff __ C | A Au 
W, ~~ Wepssynerg (1 W ossyerg () Weossymnerg (1 W, 


CPSsynerg CPSsynerg 


To determine the generalized hybrid synergistic threat: 


hybrid /S,CS,S! __ ya hybrid C,!,A,Au, Aff hybrid C,/,A, Au , Aff 
Wsnerg ~ Wh essymerg U Wossymnerg 


6th step. Determining the economic costs of preventing an attack. 

The introduction of cost indicators of threats allows implementing an algorithm for 
constructing a rating of potential threats and the importance of information resources to 
be protected. 

The algorithm proposed in [36] implements the following actions. Both sides of the attack 
are determined by the importance (rating) of the attacks that are economically feasible. 

1st step. Determination of attacks, the effect of which exceeds the costs of their imple- 
mentation: 


Tr’ = {Tr |(P' a0) 0} VIr er, (2.7) 


where Tr,’ — a set of the potential threats, the implementation of which is effective for the 
attacker; Tr — threat to the i-th information resource; P* — cost assessment of the success 
of the attack on the /-th resource by the attacker; C4 — the cost of an attack on the /-th resource 
by the attacker. 

2nd step. Determining the direction of protection, which provides an effect higher than the 
cost of their provision. 


Tr? = {Tr (P° -c?)> OF VIr, Tr, (2.8) 


where Tr’ — a set of the threats against which it is economically feasible to build protection; 
P° — assessment of the cost of the loss of the i-th information resource for the defense: 
C’ — the cost of protecting the i-th information resource for the protection side. 

ard step. Determination of importance factors for attackers. Defined as a share of the win- 
nings of the total winnings that can be obtained potentially when implementing the entire range 
of threats to attackers: 
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A ar 
jt, VIr, € Trp,M = [Tre (2.9) 
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where K* is rating coefficient (importance) of the threat to the i-th information resource: 
M is the power of a set of selected potentially effective threats to the attacking side. 
4th step. Determination of importance factors for defenders. Defined as the share of the 
winnings of the total winnings that can be obtained potentially when implementing the entire 
range of protective measures: 
D D 
= meen Vir € Try N= (Ire, (2.10) 
(pc 
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where K" is the rating coefficient (importance) of building the protection of the j-th informa- 
tion resource. 

oth step. The selection of critical threats based on the evaluation of the product of the impor- 
tance coefficients of the attacker and the attacker is maximum: 


Tr = arg max K? x K?. (2.11) 
VIn elre 
Thus, the main difference of the proposed approach is the ability to take into account not only 
the opinion of experts, but also to form an objective assessment and integration of threats, which 
allows forming their synergistic effect and hybridity. In addition, the use of the ISO model in the 
classifier allows you to «identify» critical places in the infrastructure not only of cyberphysical sys- 
tems, but also in synthesis with Internet technologies of cyberspace and «G» technologies. This ap- 
proach intuitively allows you to focus on the weak points of comprehensive protection, taking into 
account economic costs in the face of low funding and the «profitability» of an attack by attackers. 


2.6 DEVELOPMENT OF THE SPATIO-TEMPORAL STRUCTURE OF THE MODEL BASIS FOR THE 
CONFLICT-COOPERATIVE INTERACTION OF SECURITY AGENTS 


To predict the possible behavior of the attacker, justify the choice of countermeasures at the 
systemic level of cyber threats and calculate the required amount of investment in cybersecurity 
with an appropriate distribution of areas and time of investment proposed a concept of modeling 
the behavior of security agents, which is implemented at three levels (level of security system, 
level of individual agents, level of group of agents) and is aimed at ensuring the security of business 
processes of the organization, which allows you to create a contour of business processes of the 
security system (Fig. 2.9). 

The following notation was used to formally describe the model basis of the concept of mo- 
deling the behavior of security agents. 
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CONTOUR OF BUSINESS PROCESSES OF THE SECURITY SYSTEM 











O Fig. 2.9 The concept of modeling the behavior of security agents 


For the ontology model: C — the set, elements of which are called concepts; H° — hierarchy 
of concepts; A — the set, elements of which are called relations; re! : R > C x C —a function that 
correlates concepts not taxonomic; dom: R — C — function that specifies the subject area R,, 
and range(R): To(rel(A)) sets its range. 

For the decision-making and training model: w — specific situation; W — the set of all possible 
situations; DM, — the decision made by the /-th agent. 

For the model of self-organization: & — system structure; @ — system function; A, — emer- 
gence relations; G — set of goals; A — relations of adaptability; P — a set of memory elements; 
© — set of time points. 

The following definitions are defined: 

— definition 1. Critical business processes — processes whose improper organization or non- 
compliance with the requirements for their implementation may pose an actual or potential threat 
to product quality and, consequently, to business efficiency: 

— definition 2. The contour of business processes of the organization — a set of information re- 
sources and related business processes, the implementation of which in a given Sequence ensures 
the achievement of the goal of the organization: 


gee ioe Uae ake ee Oe cr ia Nt, (2.12) 


where 5° — business process contour as a set of business processes, each of which represents: 
S*' — j-th business process, defined by the structure of the links of individual business operations 
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that are performed in a certain sequence; /R®” — a set of information resources of the i-th busi- 
ness process; 7°” — a set of threats affecting the i-th business process; 

— definition 3. The contour of business processes of the security system — a set of business 
processes and the resources necessary for them, the implementation of which ensures the proper 
functioning of the contour of business processes of the organization: 


ger (8 eae a ee Sa a ). (2.13) 


where S®° — security business process contour as a set of business processes, each of which 
represents; 5°’ — j-th business process, defined by the structure of the links of individual busi- 
ness operations that are performed in a certain sequence in the security system; /R°°' — a set of 
information resources protected by the /-th business process of the security system; 7° — a set 
of threats, protection from which provides the i-th business process of the security system. 

The security system business process contour combines business processes: security mana- 
gement, ensuring security, implementation, planning, testing and improvement. 

At the first level of the Concept, the proposed ontological model is used as a carrier of know- 
ledge about conflict-cooperative interactions of security system agents. The formalized ontology 
model is proposed as follows: 


0= \C,H°,R, relC — C,dom(R) = I (rel(R)), range(R) = TI(re/(R))f, (2.14) 


where C — the set, elements of which are called concepts; H°:H° — hierarchy of concepts, 
at H® <CxC; R — the set, elements of which are called relations, C and R do not intersect: 
rel: R + CxC —a function that correlates concepts not taxonomic; dom:R—C — function, 
with dom(R) = I1,(re/(R)) sets the subject area R, and RC with range(R) : T1.(rel(R)) 
sets its range. For re/(R) =(C,,C;) write down R(C,,C,); A° — a set of axioms of the ontology, 
expressed in the corresponding logical language. 

The analysis of the classifier of existing threats, which is proposed in [56], allowed to for- 
mulate the relationship between hybridity and synergy of threats depending on their type and 
direction. The threat classifier introduces a platform of cost indicators of attacks, which allows to 
assess threats in terms of economic efficiency of their use and counteraction to them. The pro- 
posed scale of measuring the value of losses for expert evaluation in the form: {insignificant, low, 
medium, high, critical}. Let’s mark: j— current threat number | \ , k —the current number of 
the expert who performed the assessment (4 . The average value of the experts’ assessment 
of the cost of losses for all threats for a certain contour of business processes for defenders, and 
the cost of the whole set of attacks for attackers can be written as follows: 


r M eK ie , 4 M eK r 

P; ~ Keg Ph Ch = Kan Pw (2.15) 
P M eK a M eK 7 

F ~ Kev 2 a OP C, — Reg ye Fi 


SYNERGY OF BUILDING CYBERSECURITY SYSTEMS 


where K — number of experts, / — the number of business transactions that may be targeted by 
the threat, co; —he criticality ratio of the business process to which the relevant business transac- 
tion belongs, p,,— assessment by the k-th expert of the cost of losses from the i-th threat of the 
j-th business process (the upper index identifies A — the attacker, D — the defender), c,,— similarly 
for the cost of making threats. 

At the second level of the Concept the questions of behavior of separate subjects of security 
system are considered and models of their behavior, namely models of decision-making are con- 
structed (M2) and training models (M, ): 


M, = \Mp".M, t. 


At the third level, the Concepts of the previous level model are used to build models of group 
behavior, namely models of coordination, adaptation and self-organization: M, = {M;.Mj,M," }. 

Thus, the concept of modeling the behavior of interacting agents is developed, the basis of 
which is a three-level structure of modeling the subjects and business processes of the contours 
of the organization and security system. The proposed concept differs from the existing ones 
by using a synergetic model of threats in the formation of areas of protection of information 
resources of the business process contour. 

Based on the purpose of the methodology, it should reflect the processes of behavior 
from two sides. On the one hand, display the processes that are related to the behavior and 
characteristics of an individual security agent. And on the other hand — the behaviors and pro- 
cesses that arise as a result of the joint functioning of agents. It is necessary to pay atten- 
tion to modeling the environment of agents, because such an environment is a carrier of sys- 
tem-forming functions that significantly affect the behavior of a party to the conflict and their 
characteristics. 

Within the framework of the proposed concept, a sequence of development of models, me- 
thods and algorithms that make it up is formed. The process of building the methodology consists 
of 4 stages. 

Stage 7. Analysis of BP contours and possible attacks on them: 


gee \(s® RE Te cea Gre Ines ie Nt, (2.16) 


where 5°” — business process contour as a set of business processes, each of which represents: 
5’ — j-th business process. given the structure of the links of individual business transactions that 
are performed in a certain sequence; /R®"' — a set of information resources of the /-th business 
process; 7°" — a set of threats affecting the /-th business process. 

Stage 2. Development of level models of individual security system agents: 


M, ={Me.My}, 


where VI, — agents group model; M2 — model of agents group behavior; MM, — agents group 
training model. 
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Stage 3. Development of system-wide level models: 
Mg = {Ms,Ms’ }. 


where ., — system-wide level model; MM; — coordination models; M:° — model of self-organization. 
Stage 4. Development of methods for determining the most likely threats and assessing their 
cost indicators: 


Tr = arg max_K? x K?, (2.17) 


VTn Tne 


where K* — rating coefficient (importance) of realization of threat to the i-th information resource: 
K : — rating coefficient (importance) of building protection of the j-th information resource. 

The following is a set of models, methods and algorithms that form a particular level of meth- 
odology, with a brief description of the content of this level. It is clear that all the processes that 
take place in the contours of business processes, the security of which is provided by security 
agents, are significantly affected by threats that are aimed at disrupting the normal functioning of 
business processes. Threats are realized through attacks on all components of security, namely, 
cybersecurity, information security and information security. As a result, the analysis of the con- 
tours of business processes as the main purpose of non-directed threats, it is necessary to begin 
with the analysis of the threats, the set of which with the relevant indicators reflects the classifier. 
The compliance of the threat classifier with all models, methods and algorithms of the methodo- 
logy determines and guarantees the effectiveness of the methodology for modeling the behavior 
of security agents in general. Thus, the analysis of the contour of business processes must begin 
with the analysis and improvement of the threat classifier. A new platform has been added to the 
threat classifier to the existing platforms 1—4 — a platform of attacks cost indicators. This allows 
to assess the threats in terms of economic efficiency of their implementation and counteraction 
to them. The improved classification of threats to the security of information resources, in con- 
trast to the existing ones, contains indicators of the cost of the threat and countering the threat. 
The use of an advanced classifier also allows you to assess the likelihood of a threat and develop an 
effective defense strategy (Fig. 2.10). At the level of individual agents, the basic model is a model 
of a reflexive agent (Fig. 2.11). 

Marks in Fig. 2.10 have the following meaning: 

— for the ontology model: C — set, the elements of which are called concepts; H° — hierarchy 
of concepts; A — set, the elements of which are called relations; re! : R > C x C —a function that 
correlates concepts not taxonomic; dom: R — C — function that specifies the subject area A, and 
range(R): TTo(rel (R)) sets its range: 

— for the business process contour model, the labels were described earlier; 

— for the threat classifier: / — current threat number {i \ , K — the current number of the 
expert who performed the assessment {ky ;P*, C* — average values of experts’ assessment of 
the probability and cost of carrying out attacks on all threats; P.’, C? — similar scores for defenders: 
K — number of experts, VW — the number of business operations that may be targeted, o, — the 
criticality ratio of the business process to which the relevant business transaction belongs. 
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LEVEL OF THE SECURITY SYSTEM 
Ontology model 
7 ead > C,dom(R) = TT( 
~ |range(R) = Tl(re/(R)) 


Contour of business processes of the security system 
Business processes 
Ses _ Mor RST) a(S yee ) 


Business processes contour 
SS SRST) Se RS eT), 


Pr 4r 4°P 
1.8. Determination of the generalized synergetic threat THREAT CLASSIFIER 
taking into account hybridity Platform 5: classification of threats by levels of 


ie CIA Au ; damage: critical (01), high (02), medium (03), 
Won = Wo, Won Won Won | How (04), insignificant: (05) 


a: 
1.7. Determination of the generalized synergetic threat Platform 4: classification of threats by levels of 


ISCS,SI _ yy!S cs SI hierarchy of infrastructure of a contour of business 
Ws Won U Wen U Won processes: FL — physical level (01), NL — network 
level (02), OSL — level of operating 
systems (0S) (03), DBL — level of database 
management systems (04), BL — level of 


1.5. Determination of the implementation of threats to technological applications and services (05) 


the security service: £; / A, Au 


a: 
1.4, Determination of = | . Platform 3: classification of threats according 
Implementation wih =F, i to security services: confidentiality (01), 

of the th threat integrity (02), accessibility (03), authenticity (04) 


Platform 2: classification of threats by the nature 
of orientation: regulatory (01), organizational (02), 
engineering (03) 


Platform 1: classification of threats by security 
components: cybersecurity (01), information 
security (02), information security (03) 





O Fig. 2.10 The main components of the | stage of building 
the methodology (level of security system) 


In Fig. 2.11 the following marks are used: w — specific situation; W — the set of all possible 
situations; DM, — the decision made by the i-th agent; a, — actions of the /-th agent; G — goals 
pursued by the /-th agent; e(D/Mi) — an agent's error when his decision does not meet his purpose; 


04 


2 METHODOLOGY FOR COOPERATIVE CONFLICT INTERACTION MODELING OF SECURITY SYSTEM AGENTS 


f — agent situation assessment function; cf — the function of coordinating the decision of the 
i-th agent with the decision of other agents of the environment; fh. — threat resistance selection 
function; ch — function of coordination of a choice with a choice of other agents. 


LEVEL OF INDIVIDUAL AGENTS ll STAGE 
Model of decision-making by a single security system agent 











mistake of agent / 
e(DM,) = 2, D(w)Pr[OM (w) #G,(w)]=Pr,, | DM,(w) # G,(w) | 
£ e a3 £ 


decision function for the agent / an objective function for agent / that takes 
into account the behavior of the 
piceeas. environmental agents G.:W >A 


i 2 __ = a: 
Criteria for assessing the functioning of the agent 


the total entropy of the set of attacks blocking assessment 

















H(X) = > p,(x)log, p; (x) 





bandwidth blocking information coordination of DMP work: 
G, = H(z) -H, (z) G, = H(z)-G, G, ST (Zhi Pee th) 

















O Fig. 2.11 The main components of the Il stage of methodology 
construction (level of individual agents) 


The resulting model of the first level of methodology is a model of the ontology of the re- 
lationship between the agents of the parties to the cyber conflict, which can be considered as 
a carrier of knowledge about the subject area. To build the model, the approach of automated 
construction of ontology based on various scientific sources (planar texts) TextToOnto was used. 
The model of ontology of behavior of agents in the conditions of the conflict contains basic con- 
cepts of processes of interaction of agents of security systems, and also the concepts reflecting 
interaction of agents of opposition, instead of technical parties of cyberconflict. This orientation of 
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the ontological model allows to justify the choice of the model of behavior of antagonistic agents 
in the conditions of hybrid threats. 

The main assumption of building a model is the assumption that the decision maker is consid- 
ered as an information channel. In this case, the main indicators of its functioning can be obtained 
using information theory. These include bandwidth, generation, blocking and coordination of infor- 
mation. These indicators can be used for both an individual agent and a group of agents. 

The basic function of a security agent is the decision function. These decisions can concern 
both the process of assessing the situation and determining the type of threats, and the definition 
of countermeasures. The basic model of decision-making proposed at this level by a single agent 
implements the decision-making process in two stages. Each of these stages (assessment of the 
situation and the choice of means of counteraction) involves the coordination of the formed as- 
sessment with the assessments of other decision-makers. The presence in the dynamic model of 
behavior of an individual agent of information exchange processes at all stages of decision-making 
with other cooperating agents in contrast to existing models is a significant difference. Taking into 
account this feature of decision-making behavior significantly affects the effectiveness of business 
process protection processes from cyberattack in the conditions of hybrid threats. Such an ex- 
change can be considered as a basis for the formation of scenarios of group behavior. 

The second feature of the model is the ability to assign a level of reflection, which allows the 
opposing party to build a model of possible behavior of the opposing party to the conflict. Thus, 
a zero level of reflection indicates that the security agent has no information about the agent envi- 
ronment of the confrontation. Whereas the first level of reflection indicates that the agent has an 
idea of functioning in the environment of other agents. The second level indicates that the opposite 
side of the conflict is also reflexive, i.e. has a model of behavior of the opposite side, and so on. The 
recursive model of the reflexive agent contains models of the behavior of the attacker and allows 
you to model the probable actions of attackers, and thus predict the consequences of decisions 
made by the defense. Analysis of the reflexive abilities of agents shows that it is impractical to 
implement reflection above the 2nd level. 

The second feature of the model of an individual security agent is the ability to take into ac- 
count the learning processes in the process of combating cyber threats. The learning processes 
also reflect the reflexive properties of agents. In traditional learning models, it is possible to 
accumulate information about changes in the behavior of the opposite side of the conflict and to 
make predictions about the actions of the opposite side of the conflict. That is, one’s own behavior 
is carried out within the framework of formal decision-making theory as a game against passive 
nature. And training in the face of the active side of the conflict takes into account that the enemy 
is an active agent, has its own goals and responds based on their own goals and taking into ac- 
count the previous actions of the enemy. That is, the opposite side is active and also implements 
the learning process, ie the choice of reaction should be analyzed on the basis of game theory and 
taking into account the reflexive abilities of the agent. 

Thus, at the level of individual agents, models of training of reflexive agents are proposed, 
which differ from the models of traditional training in that they take into account the change in the 
behavior of environmental agents. To assess the quality of training and the dynamics of processes, 
the use of the following indicators is proposed: the rate of change of agent decisions, the rate 
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of change, the retention rate, and the generalized volatility ratio. The proposed coefficients show 
how long the agent will adhere to the decision, the agent’s willingness to review the previous 
decision and his ability to respond quickly to changes in the environment of confrontation. 

In contrast to the existing ones, the proposed model of agent training takes into account the 
multi-agent operating environment, which allows to adapt the behavior of the agent in a dynamic 
environment. In other words, when training, the agent takes into account the fact that he is in the 
process of confrontation with an active opponent. An active opponent may have his own goals, is 
characterized by an appropriate level of rationality, and has the ability to learn. 

To develop models of the third level of methodology, the model of behavior of an individual 
agent is modified to take into account the dynamics of processes and interactions of individual 
agents. That is, the agent's reaction is formed not only under the influence of the obtained results 
of the situation analysis, but also taking into account similar decisions made by agents of the 
dynamic environment (Fig. 2.12). In Fig. 2.12 the following notation is used: 

— W={w} — set of confrontation states (information about cyberattacks); 

— A={a} — the set of actions that an agent can perform; 

—Z={Z} — the set of states in which the agent may be; 

~z,(¢+1) =F (z,(¢),u,(¢),w, (t)) — transition function; 

— u,(t) = 9,(z,(t)) — aggregation function: 

—a,(t) =h,(z,(t),u, (¢)) — local output function: 

-C=c,(z,(¢),z,(t +1),u,(t),w,(t)) — local cost function. 

The level of the agent group should include various methods of coordination in the security 
agent groups. Different methods of coordinating the behavior of agents are explained by the fact 
that the method takes into account the level of reflexivity of the agent. Thus, the method of coor- 
dination without communication reflects the fact that the agent has the Oth level of reflexivity, 
i.e. it is an agent that in no way takes into account the functioning of such agents. When the 
agent builds a model of the opponent's behavior, which in turn is also my model of the opponent's 
behavior. The use of different methods of coordination allows to organize cooperation between 
security agents to ensure the tasks of cyber security in a fairly wide range of operating conditions. 

The application of the proposed characteristics to assess the effectiveness of the functioning 
of agents can be demonstrated by the example of two structures of interaction of agents. The 
first structure is parallel, when agents work together, possibly independently, coordinating their 
actions independently. 

In the second structure, one of the agents coordinates the work of the other two agents. 
Knowledge of the specific characteristics of agents, in particular their effectiveness in making 
decisions and coordinating work, will allow to make a conclusion which of the structures is more 
effective in terms of productivity of a group of agents. 

The method of assessing the effectiveness of the structure of interaction of a group of secu- 
rity agents allows to justify the choice of the structure of interaction, as well as to distribute the 
functions of protection of business process resources, which provides increased security of the 
business process. In contrast to the existing ones, the proposed method considers the agent as 
a processor of information with appropriate characteristics and is based on information processing 
processes and relevant characteristics of the effectiveness of the security system. 
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LEVEL OF INDIVIDUAL AGENTS Ill STAGE 


agent training indicators: 
the rate of change of the agent 
Vw C, = Pr| DM" (w) # DM (w)|DM; (w) # G; (w) | 


coefficient of change 


Vw I= Pr| DM;""(w) 4 G; (w)|DM; (w) a G(w) | 


retention coefficient 
vw r, = Pr| DM/"(w) = DM; (w)|DM; (w) # Gi(w) | 


volatility coefficient 
Vw v, =Pr| G""(w) « Gi(w) | 


Models of training of reflexive agents 


DM" 


traditional training training of reflexive agents 





O Fig. 2.12 The main components of the Ill stage of 
methodology construction (level of individual agents) 


The final model of self-organization combines models of the structure and functions of the 
security system, the relationship of emergence and adaptability, as well as sets such as sets 
of goals, memory elements, moments of time and input influences. The self-organization model 
provides the construction of a robust security system in the conditions of synergetic and hybrid 
threats, is based on the synergy of advanced models, and provides the emergent properties 
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of business processes in the security loop. The ability to aggregate models that focus on hybrid and 
synergistic threats, significantly distinguishes it from known similar models (Fig. 2.13). 

In Fig. 2.13 for the model of self-organization used the following notation: & — system 
structure; ® — system function; R,, — relations of emergence; G — set of goals; A — adap- 
tive relations; P — a set of memory elements; © — set of time points. 


AGENT GROUP LEVEL IV STAGE 
Model of self-organization 


M, =(2,,R,,G,A,P,) 


Parallel structure of agents’ functioning Hierarchical structure of agents’ functioning 


methods of coordinating the behavior of agents of the contour of business processes 
of the security system 


Method of coordination with abstraction 
u; = argmin, max, w,(2:%,.%/,0,7] + V,(x;) +> Bylz, +) r,|( 
z fae = 
Coordination method for a Iimited horizon 
u; = argminmax,, {¢/(x;,Z,,u;) + V/(x')} 


Method of coordination with the forecast 
U; = argmin,, W,(Z):X;.X7.U).t;] + V7, (x7) 


Method of coordination without communication 
u,(t) = argmin {c, (x(t), x(t +1),Z,(t),u, (t)) +7, (x, (t+ 1))| 





O Fig. 2.13 The main components of the IV stage of methodology 
construction (agent group level) 
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The main purpose of developing a methodology for modeling the behavior of agents is to 
increase the level of security of the business process of the organization. This is done by obtaining 
an estimate of the likelihood of an attack on business processes and information resources that 
ensure their functioning. The proposed algorithm for assessing the economic effectiveness of the 
threat and countering them allows you to identify the most likely threats aimed at violating the 
security of information resources. 

As aresult, economically justify the distribution of limited funds between different information 
resources and business processes that require protection. The proposed algorithm for determin- 
ing the most likely threat allows to organize an effective allocation of limited funds to protect the 
resources of the contour of business processes. This is done on the basis of using the results of 
modeling the behavior of cooperative-antagonistic agents, to determine and assess the likelihood 
of a threat. 

The model of determining the most probable threat allows to organize an effective allocation 
of limited funds to protect the resources of the contour of business processes based on the re- 
sults of modeling the behavior of cooperative antagonistic agents to determine and calculate the 
probability of threat. The proposed evaluation algorithm takes into account possible decisions on 
the attack and counteraction to it, made by all parties to the cyber conflict in terms of synergy 
and hybrid threats. That is, taking into account the decisions of all parties to the conflict, which 
have reflexive properties and reflect the cost of resources to be protected, and the cost of the 
attack, is a significant difference between the proposed algorithm. 

As aresult, the algorithm allows you to identify the range of resources that are most likely to 
carry out cyberattacks (Fig. 2.14). 

A graphical representation of the levels of representation of models, methods and algorithms 
as components of the methodology for modeling the behavior of agents is shown in Fig. 2.15. 

The safety assessment method is based on the assumption that the safety assessment is 
described by Gaussian law. 

Notation in Fig. 2.14 have the following meaning: 7r/ — set of potential threats, the imple- 
mentation of which is effective for the attacker; /r, — threat to the i-th information resource; 
P” — assessment of the cost of success of the attack on the i-th resource of the business process 
by the attacker; C* — the cost of an attack on the i-th resource of the business process by the 
attacker; Tr” — set of threats against which it is advisable to protect in terms of value; P” — as- 
sessment of the cost of loss of the i-th information resource for the defense party; C;’ — the cost 
of protection of the i-th information resource for the defense party; K* — rating coefficient (im- 
portance) of realization of threat to the /-th information resource; /V — power of a set of selected 
potentially effective threats to the attacking party; K ‘ — rating coefficient (importance) of building 
protection of the j-th information resource. 

Thus, the proposed methodology for modeling the behavior of interacting agents, the ba- 
sis of which is a three-level structure of modeling entities and business processes of se- 
curity systems and organizations, increases the level of security of business processes by 
reducing 1.76 times the number of hybrid threats, which reduces losses by 1.65 times and 
increases the time of choice of means of resistance by reducing by 38 % the time to identify 
the threat online. 
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The combined use of mathematical modeling methods, the theory of adaptation and artificial 
intelligence methods (training, pattern recognition and problem-solving planning) with the cor- 
responding creation of ontologies of cybersecurity systems that ensure the filling of databases, 
models and knowledge will allow you to implement an effective adaptive decision support system 
that will be useful a tool for managers at any level at all stages of decision making and imple- 
mentation. The presented approaches can be used as a basis for building and operating decision 
support systems, increasing the area of application of such systems due to the formation of their 
adaptability properties. 

The proposed methodology is based on the combined use of all the above set of models, 
methods and algorithms. It can be argued that the combined use of models, methods and algo- 
rithms leads to a synergistic effect in the modeling process. The methodology allows to predict 
the possible behavior of the attacker, to justify the choice of countermeasures at the system 
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level of cyber threats and to calculate the required amount of investment in cybersecurity with 
an appropriate distribution of security components and investment time. 
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The effectiveness of the proposed methodology should be supported by the implementation 
of the following principles: 

1. The principle of continuous monitoring of compliance with cybersecurity requirements. 

2. The principle of reproduction and evidence of information about the level of cybersecurity 
at the protected object. 

3. The principle of systemic management of the functioning of the cybersecurity system of 
the protected object. 

4. The principle of preventive measures of cybersecurity. 

9. The principle of synergetic elements. 

summarizing, we can state that the synergy of cybersecurity is actually a real requirement 
of practice, since This property of systems, which gives a multiplier effect, is especially impor- 
tant in the context of a time limit, and if cyber attacks are detected and prevented at the initial 
Stage, this by orders of magnitude reduces the levels of all types of risks of the functioning of the 
business processes of the protected organization. 
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MATHEMATICAL MODELS OF INFORMATION PROTECTION IN SOCIAL NETWORKS, 
TAKING INTO ACCOUNT THE SPECIFICS OF THEIR PARAMETERS 


ABSTRACT 


The development of mathematical models for assessing the stability of the information protection 
system in social networks, which is based on the analysis of the parameters of the protection 
system. The models allow to study the parameters of system protection and realize the necessary 
actions to improve the information protection system, taking into account the nonlinear interac- 
tion of the elements of the protection system and external influences. The proposed mathematical 
model of the information protection system in social networks in contrast to the existing ones, 
allows an objective assessment of the equilibrium between information security threats and spe- 
cific parameters of the social network, such as information dissemination, network expansion and 
correlation coefficient. The improved mathematical model and method of increasing the level of 
information security, in contrast to the existing ones, takes into account the impact on the infor- 
mation security system of trust, reputation, correlation and clustering coefficient of the network. 
The application of the model and methodology allows analyzing the impact on the information pro- 
tection system of other situational parameters. 


KEYWORDS 


social networks, trust, reputation, protection factor, correlation. 


In today’s world, information needs reliable protection: from unauthorized access and distribu- 
tion, accidental deletion or alteration. All developed European countries are concerned about the 
problem of information security, as well as the protection of personal data of citizens [105-107]. 
This is due to the fact that informatization and digitization of information have become widespread 
in all areas of human activity, including the storage of personal and work data. 

Mass production, implementation and operation of information systems have led to a range 
of new problems in the field of personal security and security of society and the state. Attention 
to these problems is natural [106, 107]. If a commercial organization allows the leakage of more 
than 20 % of important internal information, it goes bankrupt in 60 cases out of 100 [108-116]. 
Analysis of statistics shows [115, 117] that 93 % of companies that left free access to their own 
confidential information for more than 10 days, left the business. At the same time, half of them 
declared their failure immediately. 

The need for information security is due to the fact that there are many entities and struc- 
tures that are very interested in other people's information and willing to pay a high price 
for it. Thus, the cost of eavesdropping devices sold in the United States alone averages about 
$ 900 million per year [108]. The total damage suffered by the auditioned organizations is about 
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$ 8 billion annually in the United States. But there are exist and, accordingly, purchased devices 
for unauthorized access to digital information and intrusion into information systems, intercep- 
tion and decryption of messages, etc. As a result, according to SANS Institute, in the US the 
average amount of damage from one attack on a corporate system for banking and IT sectors 
of the economy is about half a million dollars [118-121]. The approximate structure of the 
consequences of inefficient information security in American organizations from the total annual 
damage is as follows [117-119]: 

— theft of confidential information — 20+25 %; 

— falsification of financial information — 21+25 %: 

— infection with malicious programs — 11-12 %: 

— violation of access to Web-sites — 1+11 %; 

— failure of the information system — 4+10 %; 

— illegal access of employees to information — 4+9 %; 

— other types of damage — 14+33 %. 

social networks are one of the main methods of communication, connection search and ex- 
change of both public and confidential information. The share of social networks among general 
networks is constantly growing. The network itself acquires new properties, acting as an inde- 
pendent factor. 

Because the information in the global network exists outside of space and time, the network 
itself becomes an active agent of human influence, keeping, above all, large amounts of data pub- 
licly available. In recent years, the vision of the problem of cybersecurity has begun to change sig- 
nificantly, as not only the financial and economic interests and capabilities of human continue to be 
the subject of cybercrime, but the human itself is increasingly becoming the object of cybercrime. 

This problem is especially exacerbated with the strengthening of the digital humanistic nature 
of education and the growing role of social networks in human life in general. 

The protection of personal data in today’s information life is perhaps the most important 
aspect in meeting the safe use of all the capabilities of current technologies. Therefore, the 
problem of studying the parameters of social networks for their further use in solving problems of 
information protection and personal data is very relevant. 


3.1 SPECIFIC PARAMETERS OF SOCIAL NETWORKS AND THEIR IMPACT ON THE SECURITY 
OF USER INFORMATION 


The exchange of personal data, potentially, allows the use of social networks to solve a wide 
range of information problems, but there is a problem of data protection. Therefore, the issue of 
developing new mathematical models for assessing the dependence of personal data protection on 
trust and the amount of information on social networks is very relevant. 

What is trust — is a complex mental relationship (positions) [108]. The trust of the cog- 
nitive user X (his mental state), which characterizes his thinking, in relation to the chosen 
essence (user Y) about the expected behavior (action) o, which is important for achieving 
goal G (specific state of events necessary and desirable for the user X). User X essentially 
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delegates actions m to user Y. What are the mental components of user X’s trust in user Y? 
These are the following beliefs: 

— belief in competence: user X must believe that user Y can indeed complete the task and 
produce the expected result needed to achieve goal G; 

— belief in intention (disposition): user Y can not only able to perform the task, but also will 
perform it. 

Moreover, belief in intention is formed on the basis of five other beliefs [108]: 

— helief in readiness (willingness): user X believes (simulates the thinking of user Y) that 
user Y has decided and intends to perform action «:; 

— belief in sustainability (persistence): user X believes that user Y is stable in his intentions 
to take action o if user Y is predictable and has no disagreement about the action of :; 

— belief in addiction (dependence): user X believes that user Y is necessary to perform the 
task (strict dependence) or that it is better to rely on it than not to rely (weak dependence): 

— helief in self-confidence: user X must believe that user Y knows that he can do the ac- 
tion a. It's hard to trust someone who doesn't trust themselves. Finally, the last component of 
trust that comes from others; 

— belief in fulfillment (fulfillment): user X believes that goal G will be achieved (thanks 
to user Y), so he does not give up goal G, does not look for an alternative to user Y and achieves 
goal G through user Y. 

Let’s define types of trust [9]: 

— provision trust: describes trust when a person trusts a party to provide quality services by 
a service or resource provider (what we are considering) ; 

— delegation trust: describes the trust in the user (representative) acting and making deci- 
sions on behalf of the party he trusts; 

— access trust, as a special case of provision trust: describes the provider's trust in agents 
who are granted access to resources. This is access control; 

— trust in authenticity: describes the belief in the claimed authenticity of the user. Used in 
authentication systems [110]: 

— contextual trust describes the participant's degree of faith in the necessary systems and 
institutional mechanisms that support transactions and ensure network security [119] in the 
event that something goes wrong (insurance, legal system, law enforcement — also considered as 
a situational context of trust). 

Each type of trust uses its own methods to protect the system from malicious users. Strict 
security mechanisms are used for trust authenticity and trust access [112]: 

— communication channel encryption; 

— cryptographic authentication and authorization schemes; 

— policies for empowerment; 

— digital signatures and certificates issued by a trusted third party (the trust transitivity 
property can be used), etc. 

These traditional security practices will not be discussed further. In our further study, we will 
limit ourselves to examining trust in service delivery and trust delegation (although all of the above 
types of trust are, of course, interrelated) and methods of protection in online systems. 
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soft security mechanisms are used for trust in the provision of services and trust in dele- 
gation [113]. Service providers may provide inaccurate information, and traditional security me- 
chanisms cannot protect users from this type of threat. Trust and reputation systems can protect 
the user from such threats, moreover, they can protect the system itself (so-called Trusted 
systems). According to the type of trust, the subject of trust is determined: what is the focus of 
the trust of the subject (the area of the relationship of trust). For example, user Y is a «first-class 
programmer» and can therefore be entrusted with writing a program (provision trust). 

Consider the following concepts that we will use in our study. 

Actions. Actually, the actions taken by agents in transactions, based on trust in partners 
(different kinds of entities). For example: «Buy a laptop», «Accept information», etc. 

Feedback. After completing the transaction (interaction), agents can evaluate each other's 
actions (feedback) [10]. Appropriate measures are used for this purpose, the values of which are 
used to calculate reputation and trust. 

We can measure trust through different types of measures. The semantics of measures can 
be described in terms of specificity-commonality (specific aspect of trust — the average of all 
aspects) and subjectivity-objectivity (subjective opinion — objective assessment by formal criteria). 
Subjective and specific measures are used in questionnaires in which people express their opinion 
on specific things («Please rate the work of site X» on the rating scale «Terrible, Bad, Average, 
Good, Excellent»), thus forming subjective vector of trust. 

The problem with subjective and general measures is that they do not allow some aspects to 
be assessed. For example, the customer gave a low rating in the transaction because he did not 
receive the goods on time, but in fact the delivery service was to blame. 

Objective and specific measures are used, for example, in technical tests of the product, 
where the quality of the product is measured objectively (for example, on energy consumption, 
noise, etc.). Objective and general measures can be an example of calculations on the vector of ob- 
jective and specific measures. And then there is a repetition of the cycle. Feedback affects trust, 
trust affects the user's actions in the next transaction, and so on. (We can apply the scheme: 
reputation, trust, «reciprocity», trust, benefit). 

Methods of calculating confidence (computational models), the combination of sources of 
confidence signals, signaling, the collection of such signals and storage, risk assessment and 
decision making, as well as the manipulation of such systems are the subject of many studies [11]. 

Degree of trust — is a subjective confidence of beliefs, quantitative assessment depends on 
the quantitative assessment of components. When modeling aspects of trust, there is a need to 
take into account the factors (effects) that occur in social networks [9]: 

— reliability. Willingness to rely, delegate performance; 

— discretion. Not the monotony of trust (it is natural for a person to divide it into discrete levels); 

— subjectivity (personal trust) and asymmetry (if we trust someone, it does not mean that 
we are also trusted); 

— transitivity of trust (in the general case it is not transitive): 

— uncertainty of trust (it is difficult to clearly define trust, you can specify boundaries): 

— multifactorial (trust consists of many cognitive components: competence, etc.); 

— dependence on the context (circumstances and area of trust); 
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— dependence on recommendations and reputation: 

— connection with the concept of reciprocity («eye for an eye»); 

— dynamics (trust may change over time with or without experience): 

— trust is directly related to risk (vulnerability) and is taken into account when making 
a decision: 

— trust can be based on a history of interactions. 

separately, we will briefly consider the transitivity of trust, social networks and trust-related 
concepts of risk, risk threshold and decision-making. 

Transitivity of trust. In the general case, trust is not transitive [117, 119]. We don’t have to 
trust those, who are trusted by ones that we trust: user A trusts user B, user B trusts user C, but 
user A has every right not to trust user C (or if user A doesn’t trust user B, and user B does not 
trust user C, this does not mean that user A does not trust user C). But under certain conditions, 
trust can operate in a chain (has a length limit). At the very least, a previously unknown person rec- 
ommended to us by someone we trust will be trusted more than a stranger (for example, someone 
can trust a writer through a publisher, and a publisher can only be trusted because someone rec- 
ommended him). The context of trust is important here, and we look at trust in terms of reliability. 

social networking users come together to process information effectively, including to share 
information about trust and reputation. Users form so-called trust networks [12]. 

Risk, risk threshold and decision making. As already mentioned, the user usually determines 
the degree of trust, assesses the risk, and on its basis and on the basis of personal risk thresholds 
determines the decision about the possibility of interaction with a potential partner [109]. The 
user must trust (even if there is uncertainty of trust) and accept some probability of failure, i.e., 
take the risk. Risk determines the possible negative consequences of a decision. It is not enough to 
make some positive assessment of confidence; you need to assess the threshold of «acceptable» 
damage. The cost of losses can be too high for the user, even regardless of the probability of failure 
(perhaps very low) and the benefit (perhaps very large) if successful. That is, the danger is too high. 

In addition, it should be noted that trust can be irrational, unreasonable assessments of the 
components of trust [118]. 

Representation of trust. The value of trust is determined by: 

1. Domain. Values can be binary («trust»/»distrust»), discrete (labels denoting the set of 
natural numbers, natural for human understanding) and continuous (well supported by known 
mathematical theories, depending on the semantics of values of trust). Noteworthy is the idea 
of meaning with the semantics of «do not know» and «do not trust». Thus, in some models with 
a continuous domain, the trust value of the value «I do not trust»: [0; 1], where 0 is «| do not 
know», and 1 —| trust completely; in others 0 means complete distrust, 0.5 — «I do not know», 
1 — complete trust; in the third there is a range [—1; 1], etc. 

2. Dimensionality. Some models represent trust by one value and others by several (for example, 
<b, d, u> — trust value, distrust value, uncertainty value or interval confidence representation). 
A trustworthy measure of reputation/trust reliability needs to be considered separately (sometimes 
it is necessary to know how reliably the value of trust/reputation is obtained for a final decision). 

3. Semantics. In some models, the value of trust is represented by rating (directly indicates 
the degree of reliability, for example, «very reliable»), in others — rank (relative value, does not 
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indicate directly, is the basis for comparison), probability (expectation), faith (belief), fuzzy mean- 
ing. This also includes related issues of presenting the history of interactions, policies of trust, 
protocols of interaction, etc. in the form of rules, records, ontologies (Semantic Web). 

Calculation of trust. Trust can be quantified in different ways. Some approaches, including the 
semantic Web, use discrete values of trust (eg, trust, distrust, or neutrality), while others use 
a continuous range [121]. Algorithms for calculations can vary from a simple average value to the 
calculation of eigenvalues by adjacency matrices of the corresponding graph. Many approaches do 
not take into account the change in trust over time. In cases where a lot of information is required 
to calculate the trust or the information is constantly changing, it is usually suggested to use 
a local trust calculation instead of a global one. The following factors determine the differences 
between computational models [108]. 

Conceptual model. Computational models simulate trust either from a cognitive point of view 
as a function of fundamental beliefs (as a result of the user's mental state), or from a theoreti- 
cal-game point of view as a subjective probability (as a result of pragmatic play). 

Consider the theoretical-game approach [112]. In the social network there is a repetition of 
the N users’ game, each of which has uncertainty about the usefulness structures of other users. 
At each step, the user must simulate the actions of other users (based on their expectations of 
their actions), maximizing their utility functions. To solve the game, the concept of Nash eauili- 
brium is used, in which one-sided deviation is not beneficial to any of the users. It should be borne 
in mind that when an agent chooses certain actions, the expectations of other players may change 
and his reputation will change accordingly (feedback). Therefore, the behavior of users will change 
in the next stages of the game («tooth for tooth»), which will lead to a new balance. 

Disadvantages of this approach: 

— players who play over a long period of time are considered (and in large online communities, 
multiple interactions between players are rare — but can probably be used in narrow professional 
thematic communities) ; 

— people are limited rational; 

— interactions of some users are considered separately from other interactions: 

— problems of reputation mechanisms are practically not taken into account; 

— information of trust and reputation for probability with increasing complexity of the model 
is insufficient. 

Sources of information for calculating reputation, trust. To calculate the reputation, trust is 
used as traditional sources: direct experience and indirect information (from witnesses), and less 
common, for example, information related to the social aspects of user behavior [106]. The right 
combination of these sources can increase the reliability and accuracy of the calculated value of 
trust/reputation, although it increases the complexity of the model and requires smart users to 
process the information provided. 

Direct experience. The most reliable source of information. Includes both experiences gained 
in direct interaction with a partner and experience based on observing the interactions of other 
users (rarely used in modern models, within the system scenario). 

Indirect information (from witnesses). Witness information (so-called word-of-mouth informa- 
tion or indirect information). Although such information is often used, it is more difficult to use in 
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models of trust and reputation due to the uncertainty of how such information was obtained (may 
be hidden or distorted by witnesses in their own interests) [110]. 

Sociological information. The basis of this knowledge is the social relations between agents (trade, 
competition, cooperation, etc.) and what roles they play in society. Both social relationships and user 
roles influence his behavior and interaction with other agents. Social network analysis (SNA) methods 
are used to analyze social structures and their relational aspects [111]. Only a few models use this type 
of information to improve the calculation of trust and reputation values, as modern systems contain vir- 
tually no such information. However, in the future, increasing the complexity of multi-agent systems, en- 
riching them with various complex relationships will increase the importance of this type of information. 

Contextual dependence. Obviously, trust/reputation is generally context-dependent, i.e. situa- 
tion-dependent. Most often, computational models consider the context of the subject area: if we trust 
the teacher of the Ukrainian language in matters of spelling, it does not mean that we should trust him 
in matters of organizational management. In multi-context trust/reputation models, reputation/trust 
values are associated with each user for each context. Usually, information in systems is not enough, 
So a good multi-context system must use it properly in different contexts. The introduction of multiple 
contexts complicates the system and at this stage of development, modern systems use only one 
context in connection with the solution of limited, specific tasks (all user actions occur in one context). 

Assumptions about user behavior. Ability to deal with agent manipulation. There are three 
types of models: 

1. The model clearly does not take into account such users, it is believed that a large number 
of users who provide reliable information neutralizes unreliable. 

2. The model assumes that agents can hide information or overestimate/underestimate, but 
they never lie. 

3. The model uses special mechanisms to combat liars. 

«Discrimination». To calculate the trust/reputation of the model, sometimes mechanisms are 
used that distinguish users who enjoy a certain reputation into groups on certain grounds (for 
example, behavior). 

Using global or local values. The value of reputation is global [120] (one for each user), the 
value of trust is personal (for each pair of users). In the first case, the value of reputation is 
calculated based on the opinions of users who have interacted with data in the past. This value 
is available to all users and is updated each time a new thought appears. In the second case, the 
personal value of user X is set from the point of view of user Y based on direct experience, indirect 
information obtained from other users, known relationships between users, etc. 

Global values are used today in most online systems designed for scenarios with thousands 
or even millions of users. The size of these scenarios makes it virtually impossible to re-interact 
between the same users, and therefore reduces the incentives for users to collaborate to build 
profitable relationships. The reliability of these systems depends on the number of opinions. A large 
number of opinions minimizes the risk. In simple questions, the use of global values is permissible, 
but not for complex and subjective issues [107, 109]. 

Personal/local values are used in small and medium-sized systems, where interactions are 
frequent and strong connections are established between users. This reasoning is even more 
important in the context of social networks. 
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Reputation systems [108]. Reputation systems must have three properties: 

1. Agents must be long-lived so that future interactions are expected in each interaction. There- 
fore, it must be difficult for an agent to change his «nickname» to get rid of the interaction history. 

2. Estimates of current interactions should be published and disseminated. This is provided by 
the protocol in the system, and for distributed systems as opposed to centralized systems this is 
a problem. For the system to work, participants must be prepared to provide assessments, and 
appropriate incentive mechanisms must be developed. 

3. Estimates of past interactions should be considered when making decisions about current 
interactions. It depends on the ease of use of such a system. Note also the main differences 
between the systems of reputation and trust: 

1) trust systems calculate values that reflect the participant's subjective opinion about the 
reliability of the user, and reputation systems display the value of the user's reputation based on 
information from the whole community; 

2) transitivity is a direct component in systems of trust, and reputation systems, as a rule, 
only indirectly take into account transitivity; 

3) trust systems, as a rule, receive the input of subjective and general measures (reliability) 
of trust, while reputation systems — information or assessments of specific (objective) events, 
such as transactions. 

Reputation network architecture. Architecture determines how reputation ratings and values 
are transmitted between members of the reputation system. 

Centralized reputation systems. This system collects assessments of the actions of the par- 
ticipant, which were provided by other members of the community with direct experience. There 
is a center that collects and publishes them, calculates the value of reputation. In the future, 
participants can use this information to decide whether to interact or not. We are dealing here 
with the following aspects: 

1. Centralized communication protocols, which provide an opportunity both to provide partici- 
pants with assessments of the transaction partners of the center, and to obtain from the center 
the value of the reputation of a potential transaction partner. 

2. The reputation calculation model used by the center to derive the reputation values of each 
participant based on the estimates obtained and possibly other information. 

Distributed reputation systems. |n a distributed system, there is no center for collecting 
ratings and obtaining reputation values. Distributed assessment repositories are used instead, 
or even each participant can keep their thoughts on the experience with other participants and 
send this information upon request. The user finds these repositories or receives ratings from 
community members who have direct experience with a potential partner to decide whether to 
participate in the transaction. Then the user calculates the value of the reputation of a potential 
partner, based on the received assessments and their direct experience. 

Note the following aspects: 

1. Distributed communication protocol that allows participants to receive ratings from other 
members of the community. 

2. The method of calculating the reputation used by each agent on the basis of estimates and 
possibly other information. 
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Joint filtration systems. Shared filtering systems (such as Last.Fm) are similar to reputation 
systems in that they collect community member ratings. However, they also have fundamental 
differences. The assumption of such systems is that different people have different tastes and 
evaluate things differently. If two users evaluate many things in the same way, then they have 
similar tastes and are called neighbors. This information can be used to recommend things that one 
participant likes, his neighbors. Implementations of this method are often called «recommended 
systems». They should not be confused with reputation systems, which are based on the opposite 
assumption that all members of the community must agree on the effectiveness of user inter- 
actions, or on the quality of goods or services. Co-filtration systems take into account individual 
taste ratings, while reputation systems do not. Joint filtering systems rely on the reliability and 
honesty of participants, reputation systems a priori rely on their unreliability. 

Computational models (metrics). Simple summation or average of estimates. The value of 
reputation is the sum of positive and negative feedback. An example is eBay. This method of calcu- 
lation is primitive and the value of reputation is rough, and yet they are quite important. It has the 
advantages of this method as transparency and user-friendliness. More sophisticated schemes 
are used in Epinions and Amazon, which weighs estimates based on reputation, assessment time, 
distance, etc. 

Marsh asked questions about understanding trust, as well as questions about using trust 
in literature and in everyday life. In his work, Marsh [9] models only direct trust. He proposes 
a set of variables and their method of combining to obtain a single value of confidence in the 
range [—1; 1] (although according to him there is no complete trust or distrust). Each of the trust 
variables depends on the context and time. Marsh identified three types of trust: 

— basic, in all contexts; 

— common, between two people in all contexts; 

— situational, between two people in specific conditions. 

These trust values are used to calculate the risk (which also depends on the costs and ben- 
efits) associated with the situation and the intended competence of the target user, in order to 
help the agent, decide to interact with another agent based on some value. Cooperation is possible 
if situational trust is above the threshold. Also, decision-making is extended by the concept of 
«reciprocity»: «you to me, me to you» (to modify the value of trust, ie if user X has helped y in the 
past, and there is no answer, the value of trust will be reduced). 

Advogato Trust Metric (flow model). The Advogato Trust Metric algorithm formed the basis 
of the blog http://www.advogato.org and allowed to protect the community from such negative 
social phenomena as, for example, spam, trolling. This algorithm allows to identify community 
members who enjoy its trust. A community trusts member if they are trusted by the core. The 
«core» of the community (or «core of trust») is formed of several members with the highest trust. 
Relationships of trust in society are modeled by a graph, the vertices of which are members of the 
community, and the edges are built on the basis of certification by each member of the community 
of those members whom he trusts. In the simplest case, kernel trust in other members could be 
determined by having a path on the trust graph from the vertices of the kernel to the vertex of 
each participant (trust transitivity is used), but the Advogato Trust Metric algorithm uses a more 
sophisticated approach based on «trust flow» through the count. The main idea of the algorithm 
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is to find the maximum flow through the graph, after which all those participants whose vertices 
receive a non-zero flow of confidence at the input will have confidence. 

A person begins to trust the network more and more private information, until he receives one 
or another negative experience. The fact that excessive openness and openness in social networks 
is dangerous has been repeatedly confirmed. Here is just one figure: 88 % of private photos of 
an open nature, posted on social media, are stolen and promoted on porn sites without notifying 
the owners. 

So far, we have talked about the fact that a person's psychological properties have an impact 
on his behavior on social networks. It is logical to assume that on the basis of this material can be 
solved and the inverse problem. According to Shuotian Bai of the University of the Chinese Aca- 
demy of Sciences in Beijing, in 2012 a group of researchers developed an online test to determine 
a person's psychological portrait by the pattern of his behavior on social networks such as Face- 
book or Renren (China's popular social network). 

We like to talk about ourselves and this is not news [111]. In everyday life, people devote 
about 30—40 % of all conversations to this. But on social media, that number is rising to a gigantic 
80 percent! Why so? The face-to-face conversation takes place spontaneously and emotionally — 
there is no time to think about what to say — you need to have time to read the facial expressions 
and body language of the interlocutor. During the online conversation we have the opportunity to 
build and improve it. This is what psychologists call self-presentation: positioning ourselves as we 
want to be seen by others. 

In the process of self-presentation there are such strong feelings that even viewing your own 
profile on Facebook can increase our self-esteem. 

Self-presentation and strengthening of relations. Self-perception: 68 % of people say that 
they share information about themselves in order to make it clear who they are and what worries 
them. The other 78 % of people — because it helps to stay in touch with people. Experiments 
have shown that the perception of an idea as potentially contagious at the brain level is related to 
thoughts about other people. 

Facebook, with more than 2 billion active users per month, is a great example of a platform 
where people like to «like». Since Facebook introduced the «Like» button, it has been clicked by 
more than 1.13 trillion times and this number is growing every day. 

The ability to manipulate an opinion depends on the reputation vector, and the greater the 
reputation, the greater the ability to manipulate the opinion of another user in the given. These 
manipulations do not depend on positive or negative opinions. 

Reputation in the modern world is becoming a popular indicator of the activities of indivi- 
dual politicians, organizations, authorities, cities, territories and states. The relevance of the 
phenomenon is explained by the transition to the «economy of intangible assets and corporate 
reputation» [27, 28]. Since reputation can be possessed only by the subject of social ac- 
tion (individual, organization, social movement, state, etc.), the value principles of its activity, 
methods and goals are actualized. The availability of information makes reputation an impor- 
tant factor influencing the activities of an entity. In today’s world, thanks to the development 
of communication technologies, professional information becomes available to a wide range 
of people, information literacy and experience in processing message sources are formed. 
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Reputation became a separate subject of scientific research only in the second half of the 
twentieth century, but its manifestations attracted attention in the early stages of formation 
of political thought. An important component of the study of the phenomenon of reputation is 
marketing research, which has formulated such categories as «negative bias», describing the 
mechanism of influence of negative information on the impression of the subject, and «trust 
asymmetry», which determines the stronger impact of negative information on reputation com- 
pared to positive. In general, reputation is what other people think of us. As C. Fombran noted, 
reputation is the basic idea within which an individual exists in society. The researcher paid 
great attention to the information flows that create the subject of reputation, their role in the 
management of this phenomenon. He notes that reputation is a reflection of the actions taken 
by the entity in the past. This allows you to assess its subsequent behavior, to identify possible 
types of stakeholder interaction. Thus, reputation establishes a connection between the past 
and future behavior of the subject, its probable characteristics. 

Researchers identify types of reputations in the context of personality leading features: 

— mythological reputation, artificially created for electoral or other political purposes: 

— real reputation, which is formed in the process of policy and is an objective reflection of 
its positive and negative qualities (this is especially important in a competitive environment, as it 
complicates the destruction of reputation by finding inconsistencies in its composition); 

— one-dimensional reputation is created provided that the politician and his electorate have 
common unambiguous positions, goals and ideals: 

— multidimensional reputation is more complex in construction, as it is based on the views of 
different groups and program ambiguity of the policy [25]. 

Analyzing the presented definitions, we can conclude about two stages of conceptualization 
of the concept of «reputation». In the first stage, this concept is considered as the impression or 
perception of the subject of reputation by different target audiences. Behavior is not influenced by 
abstract ideas or perceptions, but by evaluations. Therefore, in the second stage of conceptualiza- 
tion, the concept of «reputation» is most often revealed through the assessment of the activities 
and behavior of the subject. 

Thus, during the evolution of the meaning of the concept of «reputation» has acquired two 
main dimensions: 

1. The level of positive assessment of the subject in relation to certain criteria. 

2. The level of information that reflects the level of collective recognition in their field. 

Therefore, the quantitative parameter of reputation, which increases the security of informa- 
tion in social networks, we determine the complex indicator of the two main dimensions of «re- 
putation». Each of the measurements is a dimensionless quantity that is in the range from O to 1. 

Therefore, we are a quantitative parameter of reputation, which increases the security of 
information on social networks. We determine by a complex indicator of the two main dimensions 
of «reputation», each of which is a dimensionless quantity. It is in the range from 0 to 1. 

According to the definition of the value of reputation, the value of the confidence factor is 
calculated, also in relative units. The value of trust can take values from O to 1. More detailed 
values of the reputation parameter and the basis of this determination of the confidence factor is 
obtained by regression analysis. 
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3.2 MODEL FOR DETERMINING THE SECURITY OF INFORMATION UNDER THE TRUST BETWEEN 
USERS AND THE AMOUNT OF INFORMATION IN THE NETWORK 


In the classical approach to the problem of personal data protection, there are many threats 
of loss of trust between users, which can be represented as a function: 


T,=F([D,,0,,0,,0, |), (3.1) 


where J; — set of threats of loss of trust between users; D, — trust in the provision of ser- 
vices (a person trusts the party in the provision of quality services or resources by the provider): 
D_— delegation trust describes the trust in the user (representative) acting and making decisions 
on behalf of the party he trusts; D_ — access trust describes the trust on the part of the (pro- 
vider) to the user who is granted access to resources. This is access control. Used in authenti- 
cation systems; D, — contextual trust determines the extent to which a participant believes in 
the necessary systems and institutional mechanisms that support transactions and ensure net- 
work security. 

The loss of such a quality as trust is a process that has a time interval. Denote the amount of 
information in the system — /. The flow of information outside the information system through dl, 
the rate of change of this flow — d//dt. 

It is logical that if the flow and the rate of change of flow are zero, then there is no leakage 
of information: 

oO: i 20 (3.2) 

dt 

Leakage of information depends on the security of the system and the measures taken to 
neutralize threats to the security of personal data. 

Let Z be an indicator of information system security. Let's make an equation: 


dl 
a 2,2 +(C,+C,)!—L (If sin’ at) -L,(1} sin’ wt) —... 
a (3.3) 
aa —1(C,, + C4.) —K,(Z5 sin? wt) — K, (Zp sin? wt) —.... 
To solve the system of equations (3.2) we write the system (3.3) in the form: 
dl Sy jhe 
—=02 +B, — S1L,J5 sin ot: 
dt k=2 
(3.4) 


Be B+ y—)2K,Z; sin‘ oot, 
dt k=2 


where w=Z,, B, =C,+C,, By =-(C,.+C,,), y =D. 
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Next, we use the exclusion method: 


f= 1 SK, dy sht ot 91 = (27+ KZ} ot > 
dt (a2 B, \ dt k=e 

d Af@z AS 

— = —} —~ + — YS (kK, Z¢ sin’ wt cosat) |. (3.5) 
~ Ot ace pa pin, eee ) 


substitute into the first equation of the system: 


2 oo 
(: an 7 Y'(kk,Z! sin ovensat) = 


ala? * a 
B, dz . Kick . K eek 
=02+—1| —-y+ VK Zi sin‘ wt |— 1,1 sin’ ot (3.6) 
B, dt k=2 fae 
or 
2 oo 
a —B, —aB,Z = -29(K,Z, sin'' wt cost) — B,y + 
k=2 
+ B, ¥)K,Z5 sin‘ at — B, ¥°L,15 sin* oot. (3.7) 
k=2 k=2 


Find the solution of the corresponding equation: 
Z” —B,2Z’ —aB,Z =0. (3.8) 


The characteristic equation has the form: A° —B,A — of, =0. 
We will consider only the case for the positive discriminant of this equation: 


+ /Bo +4 
D=B?+4oB, >0 dy = peeve + Ooe 


2 
And 
Bit+yBi+4oB,, Br ~yBi +408. 
ZAjtece +6,e ° 


— general solution of the equation (3.8). 
To find the general solution of the inhomogeneous equation, we use the method of variation 
of arbitrary constants: 


Bi +B; +408. | Br—yBi +4082 
Zglt=ej(ije = +C,(t)je 7?  , (3.9) 


where c;(t),c5(¢) will be found from the system of equations: 
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B, +/B? +408, ; B, Bj +408, : 
c — 


o(tje ? +0; (t)e 0; 
[a2 Bi +yBi +40Bo 
of(r)Prt ver + AOR. eg (3.10) 


2 
__ |p B,-VBi +408, 
+ of (pNP OP 2" =N(t), 


where 


N(t) = LY (KkK,z! sin‘ wt cost) — B,y + 


@ {=2 
+ B, ¥)K,Z5 sin‘ at —B, 1,15 sin* oot. (3.11) 
k=2 k=2 
We will get: 
By + yBi +408, By - Bi +408. 
oj(tje =-o;(t)e ? => 


= Prvbh ve _B Br vB + dah B, - Bi vii + dae =N(t), (3.12) 








= a(te 
or 
Bi-vBi +408. 
o;(tle * JB +4ap, =-N(t). (3.13) 
Then we will get: 
)=- __— [ni ee 
C,(t ‘dt, (3.14) 
J B; + = 
and 
= Bi -VBi inte 
de. (3.195) 


a Bi + = Brvaan,/N 


B, —/Bi +408 
f a Aoi at Bit Ph +408, | 


Mathematical model in the final form will look like: 
e 


— ae AOE 
‘dt -———_[N(t)e 2 dt. (3.16) 


a B; + 4aB, feria, NC V B; + 4aB, 
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As a result, we obtained the results in general: the dependence of personal data protection 
on trust is proportional to the constant parameters of protection. 

In order to confirm the obtained results, we will perform modeling in the MatLab environment. 

In Fig. 3.1 the dependence of personal data protection (in relative units) on the amount of 
information in the system — the main parameter, and the parameter of trust in information. 

In Fig. 3.2 the dependence of personal data protection (in relative units) on the parameter of 
trust in information — the main parameter, and the amount of information in the system is given. 


Graph on the dependence of the coefficient of information 





0 0 . Trust parameter 
Quantitative parameter information 





O Fig. 3.1 Dependence of personal data protection on the 
growth of information in the system 


Graph on the dependence of the coefficient of information 
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O Fig. 3.2 Dependence of personal data protection on 
trust between users 
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As we can see from the simulation results, the protection of personal data directly depends on 
the amount of information and the parameters of trust in this information. The protection of personal 
data increases with the amount of reliable information and the amount of general information. This 
fully confirms the accuracy of the proposed method of assessing the protection of personal data. 

This section is devoted to the method of assessing the dependence of personal data protection 
on the amount of information in the system and trust in social networks. Simulations for different 
types of changes in trust parameters and the amount of information in the system are performed. 
All variants of solving the equation near the steady state of the system proved that, based on the 
conditions of the ratio of dissipation and natural frequency of confidence, and the attenuation of 
the latter to a certain value is carried out periodically, with decaying amplitude, or exponentially 
decaying law. The obtained graphic materials fully showed that the protection of personal data 
increases with the growth of factors of trust in information. Dependence of protection of personal 
data on trust is proportional at constant other parameters of protection. With the growth of the 
amount of information in the system and trust in information, the total indicator of information pro- 
tection, when modeling by the proposed method, increases at a rate of 9 % more than by modeling 
by other methods, which is quite a suitable result. 


3.3 MODEL OF INFORMATION DEFENSE IN CORRESPONDENCE WITH THE PATH 
OF INFORMATION TRANSFER 


Analysis of the interaction of external influences and defenses can be presented in the form of 
a theoretical-group model [113-115]. This is a mathematical model of collective behavior. 

several participants influence the situation, and their interests and the path to the goal are 
different. With this representation of the interaction of dynamic systems, we have the equation: 


S1=(10\- (3.17) 


There are three possible behavioral strategies. In general, these strategies can be classified 
as follows: 

1) antagonistic strategy, when participants have opposing interests: 

2) cooperative strategy, when everyone has a common goal and their strategies are agreed; 

3) strategy of indifference, when the strategy of the j-th player does not depend on the strategy 
of the /-th player. That is, its length of path to information does not affect the protection of information. 

There are other types of strategies — pure or mixed [113]. In pure strategies, a deterministic 
approach is assumed, and as follows from theory, rarely leads to equilibrium decisions. In contrast, in 
mixed strategies with a stochastic approach, the range of equilibrium solutions expands significantly. 

To improve the model, we assume that we do not consider the third type of this classification. 
But consider a mixed strategy. 

The processes of external influences and defenses are an antagonistic strategy, or in gene- 
ral — mixed. With small deviations in the information with a priori data of reputational behavior of 
the social network, it is possible to imagine a model of interactions and phase states of external 
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influences and protections. It should be noted that in the known works there is no idea of a tele- 
communication network in the form of a theoretical-group model with an antagonistic strategy 
of behavior. 

For further improvement, we assume that the main parameters of external influences are 
known and accept them as deterministic. This fact is due to the influence of many uncertain, 
random conditions. 

As a result of accidental threats from external influences: y,, i=[1,nl, where: n — number of 
external influences. 

The network has corresponding dynamic interactions that can be detected and analyzed as 
a result of measurements and observations, and are characterized by a vector y(t). Then the 
dynamics of random changes in the state of the parameters of external influences can be de- 
scribed by a system of differential equations: 


6) _ 5(e)x(¢) +U(e)x(t)+W (0) (3.18) 


where x(t) — vector of state of external influences parameters; S(t) and U(t) — state and control 
matrix, respectively; u(t) — the control vector of the corresponding parameters of the informa- 
tion security system; g(t) — a random process that is approximated by white Gaussian noise: 
W(t) — a matrix that scales random perturbations. 

The observed parameters of the state of external influences are described by a system of 
algebraic equations: 


y(t) =N(X(t),t), (3.19) 


where N(t) — observation matrix. 

It can be assumed that if the whole range of external influences, we observe and take mea- 
sures to prevent them, i.e., protection is carried out with one or another probability. 

In the general case, the system of equations can be nonlinear. Then, without specifying the 
nonlinearity itself, the vector equation can be represented as: 


A) = F((R(0).70) 3.20 


where Flt) — the state matrix of dimension nxn, in this case F(t) = diag(f, i =[1,n]). 

The success of the problem of protection in relation to external influences depends on 
available resources: r, =1,(X(t),t), k=[1K], as well as on known a priori probabilities: 
p= p,(X(t).t), i =[1,n]. But we need to take into account the dynamics of changes in the 
state of the system over time, then the improved equation will take the form: 


“() _ p)(x(0).y(0).t) 3.21) 


dt 
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Available resources r, in the information protection system are determined by physical 
quantities. Therefore, the entire resource can be represented as the total amount: 


r.(x(t),t)= Soy, y 20, k=[4K],7=[40], (3,22) 
j=1 


where c,, — there is a connection between the /-th influence and the k-th protection. 

The presence of a connection is determined by the matrix C, which consists of zeros and ones, 
zero has no connection, one — connection exists. 

The dynamics of the process state is determined by the solution of equation (3.22), respec- 
tively, for y(t), which depends on the parameters c,, p,, r,. Moreover, it should be noted that the 
resource parameter includes a coefficient that takes into account the length of the information 
path in the social network. 

Thus, the model of the state of the dynamics of influences takes the following form: 


A) — F(\(a(0. (0), 3.20 


V(X(t),t) — ramen HON) Se =F (0)2)} (3.24) 


In the considered unbalanced system there are two main processes: 

1. The flow of external influences. 

2. Threats of external influences. 

Denote the flow of external influences through V(x(t),¥(¢).t), and external influences 
through Z(X(t),y(t).t). These variables depend on the state of the vectors x(t) and y(t). 

Under the assumption that the time of threat of external influence is longer than the time 
of appearance of the influence itself, it is possible to write the following, in the general case, 
a nonlinear system of equations: 


1) <v(o)(x(0).9(0)., (3.25) 
ex MD - 20)(x(0),7(0).0) (3.26) 


where e€ — diagonal matrix, which determines the effectiveness of external influences in the network. 

The formation of a model of the form (3.26) for a process with constraints and different types 
of resources remains an unsolved problem. Such a model can be built only for those cases when 
the dynamics of the process is Markov, for the limitations of the balance type. 

In this case, we can assume that the dynamics of the process isof the Markov type, because 
it does not matter when and how the network went into its current state, but only what state the 
network is in at the present time. Therefore, we will consider the general case of the presence 
of external influences in the network. The protection vector will be a function of the number of 


81 


SYNERGY OF BUILDING CYBERSECURITY SYSTEMS 


external influences: Z = F(y,(t),yo(t)...¥, ()). then in the absence of external influences we 
have Z = f (0), in the presence of a flow of external influences Z = f (0°). 

The rate of change of the /-th influence is determined by the appearance of new influen- 
ces Kxy,. Let's take another assumption: k, — the weight of the impact is assumed to be constant, 
i.e., k=const, in the second it is assumed that the old influences g,y,, disappear with high-quality 
system protection. Coefficient g,, directly depends on the amount of resource spent r, spent on 
one external influence: 


9, = Gig — HG: Gott, 29, (3.27) 


where t, — weighting coefficient of controlled influence on the i-th external influence. 

Then we get the equation: 

dy; 

eo ey,(t)+uw,(t), i=[1n], (3.28) 
where w;=ry, — this is the amount of resource spent on the /-th impact. 

We will consider the stationary process with fixed at time ¢ interaction of protection and 
external influences on the information protection system in the social network. For this process 
we define an a priori characteristic. For each i-th impact, we know the number of regulatory re- 
sources required to neutralize external influences — a,, then the parameter v,, will look like: 


y= is ev<t Yv,=1 (3.29) 
a y, i=1 

The steady state of this process will be determined by the model of the species: 

(w) = S [ons 0 > max. (3.30) 


Taking into account expression (3.28) we obtain: 


n 


» 
i=1 





i7i on : (3.31) 
Day; 
i=1 
substituting (3.28) into (3.31), we obtain: 
My (e, +ao(y)). (3.32) 
dt i] I | 


where @(y) = Yo, /Yay is monotonically unprofitable. 


i=] i=1 
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The approximation coefficients are negative, i.e.: 


o(V)= Sve, (). (3.33) 
s=1 


substituted the expression 3.28 at 3.30 we get a system of equations that characterize the 
dynamics of coexistence of external influences and protection of information in the social network: 


d 
wt) . Me y(t Ie Lvs, (t (3.34) 
If we use a quadratic approximation, we obtain a nonlinear system of equations in the form: 


HE) - (ole Sva.l0)-LEuo.0u,0)} 3.98 


s=1 j=1 


Let’s convert the obtained differential equation to a difference one. Let’s mark t, — dis- 
crete time. Then we will have: 


Ay las) OV) nice = Dv, (t) - ) 


Bia s=1 j=1 


5 


v9. (00.119) (3.36) 


where t,,.,-t,=1, — discretization interval. 
Then for discrete time we get: 


y.(k+1)=y,(k)+T, (0 -Yw(é)- 


3 


n 


vlboun(®)}h (3.37) 


—_ 


s=1 j= 


or 


n n 


y (k+1)= yet) (e-Zun0-¥ 


This model allows to perform analysis for various specific parameters and interactions of 
attacks and defenses. 

To use this model to determine the dependence of the protection factor of information (Fig. 3.3) 
on the average length of the path of information dissemination, we use equation 3.36 and assumptions. 

The average path length in the Barabash — Alberta (BA) model increases on average as 
the logarithm of the network size. The exact form has a double logarithmic correction [114] and 
looks like: / ~ InN/InInN, where N — the number of paths between vertices in the network. 

We introduce a coefficient that takes into account the average length of the information path 


Vate(K) 8, v(t} (3.38) 


s=1 j= 


InInn—n 
2 





in the social network: y = | where n — the number of vertices in the network. 


n(Ininn) 


The BA model has a systematically shorter mean path than a random graph. 
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Using the improved model, we will model the process of information protection in the social 
network taking into account the coefficient of the path length of information in the social network. 
The simulation results are presented in Fig. 3.4. 


Graph on the dependence of the coefficient of information protection 















































O Fig. 3.3 Dependence of the average path length in the BA model 
for power networks on the number of nodes, where / is the average 
path length, D is the number of nodes in the network 


O Fig. 3.4 Graph of the system of states of a random process 


From the above graph we see that with increasing confidence and the length of the informa- 
tion path, the protection of information does not increase. This is because the increase in the pro- 
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tection factor is inhibited by the increase in the length of the information path. That is, increasing the 
length of the information path leads to a decrease in the coefficient of information protection. In this 
case, the confidence factor cannot compensate for the negative impact of the coefficient of the path 
of information. At the maximum information path length factor, the confidence factor cannot com- 
pensate for the decrease in the information protection factor and the system becomes vulnerable. 
This is fully confirmed by theoretical calculations, which proves the adequacy of the improved model. 

Thus, the model of information protection of the social network is improved, where the antago- 
nistic strategy is implemented. Based on the creation of a database of information vulnerabilities in 
social networks, it is possible to set the task of predicting the most effective threats to information 
security of a particular object of influence, taking into account in addition to general parameters, 
the parameter of information path length in the general network. The adequacy of the model makes 
it possible to consider the matrix of ways of disseminating information as a field of states of the ob- 
ject in the process of changing its states. As a result of improving the model, it is possible to analyze 
unbalanced states in the grouping of the network, which allows to prove the possibility of equilibrium 
states and determine the limit of stability of dynamic interdependent networks at different values of 
efficiency and different sampling intervals. The analysis showed that at high efficiency of influences 
the smaller interval of sampling is necessary for maintenance of system in a steady state. 


3.4 METHOD OF CALCULATING THE SECURITY OF INFORMATION FOR THE NETWORK 
ELEMENTS CLUSTERING 


Clustering is a local characteristic of the network [111]. It characterizes the degree of interac- 
tion between the nearest neighbors of the node. In most networks, if node A is connected to node B 
and node B is connected to node C, there is a high probability that node A is connected to node C (our 
friends’ friends are usually also our friends) [117]. The clustering coefficient of a given node is the 
probability that the two nearest neighbors of this node are themselves the nearest neighbors [121]. 

The clustering factor corresponds to the ratio of the actual number of connections between 
its neighbors and their potential number. The clustering factor can be averaged for any part of the 
network or for the network as a whole, becoming its integral characteristic. 

The clustering factor is a metric that is more efficient than density and is increasingly used in 
the social sciences [114]. The clustering factor is the degree that determines how much nodes 
tend to cluster [106]. For example, in a network of friends, it is likely that two of my friends are 
friends with each other. That is, it is some estimate of network fragmentation. With high cluster- 
ing, it can be expected that the virus will spread only in a certain subgroup (cluster) [116]. With 
low clustering, there is a high probability of rapid spread of the virus throughout the network. 

Consider a mathematical description of the Markov process with discrete states and conti- 
nuous time for the security threat information system, which are created by threats of two ex- 
ternal influences, the first — using threats of the first and second vulnerabilities, the second — the 
first and third vulnerabilities (consider dependent threats). First of all, consider a system with 
failures and restores the characteristics of information security, the graph of the system of random 
process states for which is presented in Fig. 3.4 (5, —initial state of the system, 5S, — one of the 
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vulnerabilities is detected and not eliminated in the system, 5, — two vulnerabilities are detected 
and not eliminated in the system, 5, — all three vulnerabilities are detected and not eliminated 
in the system). 

We assume that all transitions of the system from one state to another occur under the 
influence of the simplest streams of events with the corresponding detection intensity A, or elim- 
ination 1, vulnerabilities, and the probability of instantaneous detection, as well as the elimination 
of several vulnerabilities, is too small. The transitions of the system to states S,, and S,, are as- 
sociated with the appearance of real threats of the corresponding influences. The transition from 
state 5, to 5,,, characterizes the simultaneous occurrence in the system of both threats (in the 
detection of the first vulnerability in the presence of the second and third), which, as we see, is 
taken into account in this method of modeling. 

This graph illustrates the correctness of the simulation with the dependence of threat threats 
on vulnerabilities. With a similar approach to the source and reduced security threat digits of the 
information system, we obtain the same graph of the system of states of a random process, be- 
cause the data of the digraphs contain the same set of vertices and transitions between vertices. 

Using this model, we can construct a system of Kolmogorov differential equations for the prob- 
abilities of states, solving which, we can calculate the probability of readiness of the information 
system for safe operation (stationary coefficient of readiness of the system for safe operation). 
Note that the construction of the considered Markov model (Fig. 3.5) does not require the use of 
any expert assessments — the input parameters of the model are stochastic parameters of threat 
vulnerabilities, which can be obtained from statistics on their occurrence (detection) and elimination. 

Now we will build the desired Markov model of the system, which must take into account that 
the real threat of impact with any probability will be realized and will lead to a fatal failure of safety 
characteristics. The mathematical model of the violator allows to determine the value of the coef- 
ficient of readiness (or probability) for a certain impact on a particular information system Kran. 
The basis of this mathematical model is the interpretation of the complexity of the implementation 
of external influences by the violator San the probable amount of information about the potential 
threat of an attack that the infringer must possess in order to carry it out: 


S,, = !({Py_,) = —log, (1-P,,, ): (3.39) 


Consider the external influence as a sequence of use by the violator of the vulnerabilities 
detected and not eliminated in the system, having the characteristics P,,, and Syr, r=1,...,R, en- 
tering a quantitative characteristic of complexity Sa (Sa=/(P,,)). Value Sa depends on the amount 
of information required by the violator for a successful external influence, the threat of which is 
created by A detected in the system and unresolved vulnerabilities: 


S, =1(P,,) = —log,(1-P,,) = -log, [] _,(1—P,. ) (3.40) 
where 
P, = 1-JT,_,(1-P,,} (3.41) 
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Using the appropriate logarithm property, you can write: 


5S. (3.42) 


yr 


M-= 


2) I(P.,.) — 5 1(A,.)= 


r=‘ r 


ll 
—" 


If the values of the characteristics are known S, and S,, (the maximum complexity of the rea- 
lized, including reflected, in a similar information system of influences), it is possible to determine 
the value of the coefficient of readiness of the violator to the external influence of complexity S,: 


5. . 
tt 6.0. 
aa (3.43) 


ra a 


Lif S.>S., 


When designing a protection system, you can always find an information system that is used 
to process similar information, which records the implemented effects, which allows you to cal- 
culate the value S.,. 

Note that to solve this problem does not require the introduction of any expert assess- 
ments — the input parameters can be obtained from the relevant statistics, which are conti- 
nuously maintained. 

Having the ability to set the value of the coefficient K,,, you can build the desired Markov 
model of information system protection. In Fig. 3.5 shows a fragment of the graph of the state of 
random processes of the system with a fatal failure of the safety characteristics (Fig. 3.4), which 
illustrates the most important features of this model. 

In Fig. 3.5 includes the absorbing state 5,, which characterizes the failure that does not 
restore the security characteristics of the information system (critical external influence on the 
information system) — there are no ways out. 





O Fig. 3.5 A fragment of the graph of the state of random processes 
of the system with a fatal failure of the safety characteristics 
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Consider the transitions between the states S, and S.S., and S, due to the presence in the 
system of threats of influences dependent on vulnerabilities. 

The peculiarity of the transition from S, to S, is due to the fact that the first vulnerability 
poses a threat to both attacks, therefore, the intensity of the transition from S, to S, is defined 
as K,.A. +K,,A,-. The peculiarity of the transition from 5.5 to 5, is due to the fact that only one 
attack will be implemented by the violator. The state of S., is characterized by the fact that the 
detected and unresolved second and third vulnerabilities, and as a consequence, the detection of 
the first vulnerability leads to the implementation of the first or second attack, so the intensity 
of the transition from 55, to S, is defined as K,,A, + KoA. 

In order to determine the required security characteristics of the information system, 
a system of Kolmogorov differential equations is constructed for the graph constructed in this 
way, followed by a system of linear algebraic equations describing the stationary regime. By solving 
this system, you can get the probabilities of the desired states, including for the vertex, which 
absorbs, determining the probability of one of the potential attacks on the information system, 
respectively, the probability of readiness for its safe operation. 

The value of the probability P; of being in a certain state in the Markov model is interpreted as 
the average relative residence time of the system in the /-th state. To calculate the average abso- 
lute residence time of the system in each i-th state 7 in the system of Kolmogorov equations, you 
need to set zero to all derivatives (P’ Ge 0)), exept Py, if we assume that at the initial moment 
the probability of being in the state P, is equal to 1. Then, according to the theorem on image 
differentiation, in the Laplace transform the right part of the first equation will be equal to —1. 
In the right-hand sides of the equations, 7; is substituted for P,, and a system of algebraic equa- 
tions is solved for them. As a result, the average time of operation of the information system to 
failure (system with fatal failure) — to the implementation of its successful impact. 

These two key security features of an information system can be used in designing a security 
system. In Markov reliability models, the failure rate parameter « is determined (for a stationary 
site) as follows: 


o= SPY A,. (3.44) 


ieQ, feQ_ 


where @, — set of states of system efficiency; Q_ — set of states of system failures; A, — the 
intensity of the transition from the i-th operational state, the probability of finding a system in 
which, P. in the j-th will cause an inoperable state. 

To build an enlarged model of information system security threats, we again turn to Fig. 3.5 and 
determine how the flow of security failures is formed. As you can see, the threat of impact occurs 
in three cases — in the transition from state S,., in which the system is with probability P,. (in the 
Markov model, the probability of being in the state is interpreted as the relative part of the system 
in this state), to state S.., threats of influence), transitions are carried out with intensity A, (taking 
into account the corresponding part of the time spent in the state S,. — with intensity P.A,), 
during the transition from state S,., in which the system is with probability P,,, to state S,.3, the 
transitions are carried out with intensity 7, (taking into account the corresponding part of the 


88 


3 MATHEMATICAL MODELS OF INFORMATION PROTECTION IN SOCIAL NETWORKS, TAKING INTO ACCOUNT 
THE SPECIFICS OF THEIR PARAMETERS 


time spent in the state 5,, — with intensity P,,A.J, in the transition from state 55,, in which the 
system is with probability P5, to 5,55, the transitions are carried out with intensity 2, (taking 
into account the corresponding part of the time spent in the state 5,, — with intensity P,,A,). 

The failure flow defined in this way can be interpreted as the flow of the real threat of impact, 
which is created in the system with intensity A. : 


XK, =O=P,A, +P A. +P A,. (3.45) 


Taking into account the obtained result, an enlarged Markov model of threat to the security of 
the information system as a whole, which is created by N threats of influences, can be built. The 
graph of the system of states of a random process which is presented in Fig. 3.6. The intensity of the 
transition to the absorbing state of S, in this case is determined by the intensity of the real threats 
of influences 2, and the coefficients of readiness of the violator to a real attack, K, n=1,..., N. 





O Fig. 3.6 An enlarged Markov model of information system 
security threat 


Practical use of the enlarged model allows to simplify the task of modeling the protection 
system, reducing it to a number of simpler tasks. In this case, the initial set of threat threats that 
pose a threat to the security of the information system can be optimized (significantly reduced) 
using the method of dynamic programming, due to the strong dependence of threats on threat 
vulnerabilities (many threat threats are created by the same vulnerabilities). 

In conclusion, we note that the most important results include substantiation of the correct- 
ness of the use of Markov processes in modeling key security characteristics of the information 
system, identified and investigated fundamental differences in the formulation and solution of the 
problem of modeling the reliability and security of information systems. systems. An important 
result of the study is the justification of the need to consider in the modeling of security charac- 
teristics as a security element should not be considered threats of impact, and — threats of 
vulnerability. As shown, this is due not only to the impossibility in the general case of a correct 
task (without any expert assessments) of the input parameters of the model, the ability to justify 
the requirements for input flows, but also the impossibility of building a correct model, because 
threats are generally dependent from threats of vulnerabilities. 

Calculating or estimating the clustering factor can give an idea of the impact of the dissemina- 
tion of unauthorized information by malicious users on the friendship with the nodes [109]. After 
the malicious node 1 is added to the contact list v, n can access sensitive information v and dis- 
close it indiscriminately using social media tools such as bulletin boards, image posting, and more. 
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To develop a model for protecting information from the clustering factor, we make a notation: 


bye 
= Ls B, =C, +Cy, B, — — (Cp aC), : i ae 


Where }°C,, —the total number of connections in the network; N — the number of vertices 


veV 


in the network. 
The dependence of the information protection indicator on the parameters of the information 
protection system in the social network is determined by the expression: 


-Bi-VBF +408. , ak ha —, -Bi— BF +408. mar aes no, 
Z(t)=|N(t)-e 8  ~—~dt-JN(t)-e *% ~~ —__dt. (3.46) 


vB; +408, vB; +408, 


solving this equation, taking into account the assumptions and limitations, we obtain the 
expression: 








y oo Due 


os (kK,Z, sin‘ wt cos ot) aoe 








ot Ne] 
Z(t) = J — x 
—B, ¥K,Z5 sin’ at x YL sin ot 
k=2 k=e 
Bi +B; +408, B,—yBi +408, 
“Bi-VBi+40B,, gp 2 “Bi-VBi+40B,, yp 2 
x}|1-e * || 1-68 = de, (3.47) 


Jpe +40, | Jp? + 4a, 


where °C, — the total number of connections in the network; N — the number of vertices 


veV 


in the network. 

Expression 3.47 is an expression of a mathematical model of social network information protec- 
tion, taking into account the clustering factor, which depends on the graph model of the entire so- 
cial network system, namely the number of connections in the network and the number of vertices 
in the network. based on these data, the information is clustered. In order to verify the results, we 
will simulate the process of information protection depending on external influences. Assume that 
all coefficients are dimensionless, ie calculated in relative units. And the biggest impact is the unit, 
similarly to the clustering factor. In order to confirm the obtained results, we will perform modeling 
according to the developed model, taking into account external influences that are nonlinear. 

The simulation results are shown in the graph of Fig. 3.7. 

The analysis of the graph of Fig. 3.7 shows that the influence of the clustering coefficient 
on the parameter of information protection in social networks is wavy in nature with a gradual 
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increase in information protection. This is due to the clustering process itself. That is, clustering 
combines information on features that are more similar in the center, so the coefficient of cluster- 
ing of information in the cluster is closest to the center and falls to the edge. But the greater the 
intensity of information, the more clusters and the greater the protection of information because 
it is much easier to protect information with the same characteristics than random information. 
This corresponds to the physical process and confirms the adequacy of the proposed model. 


Graph of information security coefficient 








Correlation coefficient 


O Fig. 3.7 Graph of the dependence of information protection 
on the clustering factor 


But the analysis of the proposed model would not be complete if we did not use the opportuni- 
ty to assess the stability of the system according to the developed model. That is, having received 
a model with the parameters of information protection of the social network, we will assess the 
resilience of our system to external influences. To do this, we will determine the phase portrait of 
the information protection system of the social network using our equation: 


a°Z dZ (= 

— —8, —-—o8,Z =—-— Y (kK,Z* sin wt coset )— 

dt? P, dt ic ae < 

— By +B, >) K,Z; sin“ ot —B, > Ly sin’ ot. (3.48) 
k=2 k=2 


The solution will be implemented in the program MatLab/Multisim. 

As aresult of modeling, we obtained a phase portrait of the protection system against clus- 
tering parameters at maximum values of external influences and clustering coefficient — 1, all 
other parameters of the protection system — 1. Additionally, we obtained a phase portrait of 
protection system at maximum influence and clustering coefficient — 0.5, all other parameters 
protection systems — 1. The obtained phase portraits are presented in the form of an ellipse, 
which indicates the stability of the information protection system. 
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Thus, in addition to the model of information protection depending on the clustering factor, 
developed a mathematical apparatus to increase the level of security of the information space of 
social networks, which is based on the analysis of the constructed phase portrait and transient 
analysis of information security. The technique allows to effectively investigate transients with the 
possibility of visualization of models (block diagrams) and research results. 


3.0 IMPACT OF THE NOISE AND THE INTERFERENCE IN THE PROTECTION OF INFORMATION 
ON SOCIAL NETWORKS 


In the real process of information protection in social networks, there are many factors that 
hinder the process of information protection. For example, an obstacle in the form of noise, which 
can completely hide the external influence on the protection system, so the mathematical model 
needs to be improved by calculating interference and interference. To do this, take the expression 
to determine p exponent in the absence of additive noise: 


¥ a, x(n—m) = 0, (3.49) 
m=0 


where a,=1, then the characteristic polynomial will have the form: 


p 
A= a,z°". (3.50) 
m=0 


It has roots z, =e", where 1<k <p and S, =1/T(o, + j2nf,), 5, — characterizes the 
attenuation coefficient and the frequency of the k-th exponent. The following equations can 
be obtained in reverse time by inverting the linear prediction equation: 


p 
SY) 5,x(n = p+m)=0, (3.51) 
m=0 
where 6,=1. Characteristic polynomial that has the form: 
P mn 
B= yo (3.92) 
m=0 
Formed from complex-conjugate coefficients of linear prediction back, has roots: 
Z, = exp(—S, ] = on( 1-0, ~ ent), (3.53) 


where 1<k < p. 
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For the fading g exponent a, <Q these roots of linear prediction forward A, will fall into a circle 
of unit radius z — plane, and the roots of the characteristic polynomial B, will, on the contrary, be 
outside this circle due to the attenuation coefficient e~**, corresponding to the growing exponent. 

These properties of the location of the roots of polynomials A, and B, due to the properties of 
deterministic exponential functions. 

Further improvement of the results is possible by using the method of decomposition by singu- 
lar numbers. Linear forward and backward prediction errors can be recorded in the following form: 


fof = ig f bb b b 
Kip AX, FO X80, -%, Fe, (3.54) 


where Toeplitz data matrices ve xX? and data vectors Na x" are defined by expressions: 


x(p)....x(1) x(p +1) 
ee sdamteenheesian i ees 
x(N 1)... x(N) 
X(p+1)......X(2) x(1) 
Noi seein sedans i pees | (3.55) 
x(N)...x(N = p+1) x(N —p) 


A vector of linear prediction coefficients forward a, vector of linear prediction errors e,, 
vector linear prediction back a, and vector of back linear prediction errors e, will be determined 
by expressions: 


a’(1) e'(p +1) 

Viol Li 
a’(p) e’(p+1) 

ap [ove Gi [ieacr: : (3.56) 
a’(p) e’(N) 


Using known relations, for a data matrix it is possible to display in types of expansion on 
singular numbers: 


X= Yotul(v’)", xb=Yotut(v'y" 3.57) 
n=1 n=1 


where o/ — positive singular numbers of the matrix X/,; o; — positive singular numbers of the 
matrix X?; u, and v, — eigenvectors of the corresponding data matrices. 
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If the signal consists of a mixture of m exponents and additive noise, then m eigenvectors 
associated with m the most singular numbers will cover these exponential components. Rest 
p—m eigenvectors associated with smaller singular numbers will cover the noise components. 

Assuming that the singular numbers are ordered in descending order, i.e. 0; > 0; > 03...> 6, 
then it is possible to obtain a reduced approximation rank for each data matrix by cutting the 
relations for decomposition by singular numbers in (3.57) to m main singular numbers: 


xt= You (vy", x= ¥ ott! (v4) (3.58) 
n=1 


This procedure will reduce the proportion of noise in the data matrix by increasing the signal- 
to-noise ratio. 
Minimizing norms la, | and lar|| relative to the reduced level data matrix, we obtain: 


al, = —(,) x5» ab = -(Kp) xb. (3.59) 


In which pseudo-inverted matrices are defined by expressions: 
= Lot) vu), R= Lot) vy lusy" 3.60) 


The value of the order p should lie in the interval m < p < N—m for the rank of the matrices 
x» X, Was greater than or equal to m that is, a more predictable number of exponents. If the 
number of exponents is unknown, it can be estimated by comparison with the values of singular 
numbers. The singular numbers associated with the signal must be greater than the singular num- 
bers associated with the noise. After obtaining the results of calculating the coefficients of linear 
prediction forward and backward, defined by expression (3.60), using the expressions (3.59) 
and (3.60) calculate the roots of the characteristic polynomials, which give estimates of the 
exponents. Data vectors x» x; in the analysis of the effects of noise are not considered, despite 
the fact that they are noisy. 

As a result of the methodical calculations, it is possible to detect noisy signals with a higher 
probability than the first determined method. 

To consider the effect of interference on the signal, we assume that the interference is. 

An obstacle — in our understanding, is any action that is imposed on external influences and 
makes it difficult to determine. 

Depending on the source of the interference, all radio frequency interference that affects the 
existing information network can be divided into the following groups: 

— atmospheric interference caused by electric discharges in the atmosphere; 

— industrial barriers created by various electrical installations and power grids; 

— fluctuation (any accidental) interference caused by fluctuation (accidental deviation) of 
electric current and voltage in circuits and electronic systems; 

— space, created by radio radiation from the Sun and galaxies; 
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— contact interference due to the presence of time-varying contacts between the conductive 
surfaces that are in the zone of intense fields of the transmitters: 

— mutual interference arising from the interaction of electromagnetic fields of any elect- 
ronic means. 

Obstacles can be intentional or unintentional. Intentional obstructions created specifically to 
hinder or disrupt the operation of the information transmission network. Intentional obstacles are 
divided into sighting and blocking. Unintentional obstacles include: mutual — from radio equipment; 
atmospheric (natural) — from various natural phenomena; local (industrial) — from local sources 
of interference. According to the intensity of the impact on radio communication, interference is 
divided into weak, strong and depressing. According to the degree of possibility of elimination of 
obstacles, obstacles can be classified as insurmountable and insurmountable. 

In order to reduce the error that may affect the process of recognizing external influences, 
we define the main characteristics of the obstacle. 

The main characteristic is the correlation function, which is defined by the expression: 


K,(1) =¥(0)¥(t-+2) = Jim A] x(t)x(t-+ at 3.811 


For the case of interference, and the recognition of signals of external influences — the physi- 
cal meaning of the correlation function is as follows: x(t) is detected energy spectrum of the 
impact signal, if at the time — ¢ time value x(t) is a definite quantity, it is unlikely that at the time 
t+, where t — very small, value x(t +7) will be equal to zero. But if t — will be taken large 
enough, the value x(t + t) can be any. That is, between certain signals x(t) Ta x(t +t) there is 
a dependence that decreases with increasing t. Behavior of probable magnitude x(t) will be cha- 
racterized not only by meaning but also by interrelationship x(t) at time ¢ and x(t +t). A measure 
of this relationship is the correlation function. 

The standard deviation will be determined by the expression: 


o°(t)=[ x(t) — x(t +) ] =2[K.(0)-K,(0)] (3.62) 


The standard deviation is completely determined by the correlation function, which indicates 
how much the two processes x(t) and x(t +t) are averaged. 

All of the above is specific to the ergodic process. A stationary process is called ergodic in the 
narrow sense, if with a probability unit all its probabilistic characteristics can be obtained by one 
implementation of the process. Given that the different characteristics of the ergodic process are 
usually determined by averaging over time, we can say that a stationary random process is ergodic if 
the results of averaging over time coincide with the corresponding results of averaging over the set. 

To further consider the interference that affects the signal of external influences, consider 
the main properties of the correlation function: 

1. The correlation function of the ergodic signal is a pair function: 


K,(t) = K,(-1). (3.63) 
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2. Any value of the correlation function cannot exceed the value of this function at zero value 
of the argument: 


K (0) > K,(t). (3.64) 
Let’s prove this by considering the expression (3.60): 

o°(t)=[x(t)—x(t+2)] =2[K, (0)—K, (t)]=2K, (0)—2K, (7). 

It follows from this expression that it matters if: 

2K, (0) -2K, (x) 20, K, (0)2K, (2), 


which is a proof of the second property of the correlation function. 

3. If the erosion process does not contain a deterministic component, then its correlation 
function coincides indefinitely with the growth of t, with increasing dependence x(t) and X(t + t) 
decreases, when t — oo they become independent. The presence of a deterministic component in 
the process x(t) = &(t)+&, lead to: 


lim K, = lim [&(t)+&) | x[€(¢+)+&) |=&5 =K(). (3.65) 
4. The variance will be determined: 
D| X(t) ]=o% -& =K, (0)-K, (~). (3.66) 


9. The autocorrelation function of a periodic process is a periodic function with the period 
of this process. 
Let’s have a periodic process: 


x(t)=aot a, cos(kat + @, ), 


k=1 


then bearing in mind the periodicity of x(t) and taking the average for the period, we have: 


qe 


=) D4, a,a, C0S(koot + @, )cos(n(t +t) + @, )dt. (3.67) 


go k=0 n=0 


= 


Given that the integrals of the cosines at k#n are equal to 0, and when k=n+0, 1/2coskort, 
we ll get: 


00 ae 
K,(t)=a +) Looskor. (3.68) 
k=1 
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As we can see from expression (3.67), the correlation function does not depend on @ — phase 
harmonics of the initial signal, this is exactly what makes it possible to separate the signal from 
the interference. 

Let A(¢) — a signal, N(t) — obstacle, then we have: X(t) = A(t)+N(t), define the correla- 
tion function: 


K,(t)=[ A(t) + M(t) |x| A(t +t) +M(t+) | =K,(t)+ Kay (t) + Kyy(t) + Ky (1). 


where K,(t) — signal autocorrelation function; K,(t) — interference autocorrelation function: 
K w(t), Ky,(t) — intercorrelation function of interference and signal. 
Given that the signal and interference are independent then: 


Kw (t)=0,K,,(t)=0, 


we have: 


K,(t)=K,(t)+K,(t). (3.69) 


To confirm the above, we model the function of the correlation processes described 
by expressions (3.68) and (3.69), depending on the change in signal frequency. The simu- 
lation results will be presented in the form of graphs. The obtained graphs are presented 
in Fig. 3.8, Fig. 3.9. 

As can be seen from the graph shown in Fig. 3.9, the interference signals are much smaller, 
but they do not interfere with the detection of the impact signal itself and can be filtered. 


Graph of the signals and signals obstacles 


Output signal 


Frequency 





O Fig. 3.8 Graph of the correlation function of the signal of 
information transmission over the network, without interference 
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Graph of the signals and signals obstacles 


Output signal 


Frequency 





O Fig. 3.9 Graph of the correlation function of the signal of 
information transmission over the network, with an obstacle 


Thus, using the properties of the correlation function, it is possible to separate the signal from 
the interference. In the future, this method can be used for other non-periodic signals. 


3.6 ASSESSING THE LEVEL OF ECONOMIC COSTS FOR THE PROTECTION OF INFORMATION 
IN THE SOCIAL NETWORK 


Generalization of the model for assessing the level of protection of information in the social 
network from external influences on the information social resource is proposed to be carried out 
on the basis of the model of the level of protection of information in social networks. This model 
is described by the expression: 


pps = {ib {ae} fmt {ap | {sz"+ {paz} faz (3.70) 


where ta — set of elements of information in social networks; 1A — set of elements of social 
networks users’ reputation: iim" — set of sources of influence on the information security 
system: {RDS — set of requirements of information security guidelines; {sz — set of pos- 
sible technical information security systems; {paz — set of security audit of information on 
social networks; juz} — the level of information security in social networks. 

Let’s use the expression to define the connection between external influences and technical 
means of information protection: 


IMSZ 
ia) 





al (3.71) 
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It is necessary to take into account, more precisely, to take into account that the values / and 
j have a certain adjacent message, namely: 


Vie {IM, } and Wj €{/"}. (3.72) 


The threat matrix will matter: 


| ml _ 1, if there are / impacts for j-th information active; 
~ 0, if there are not i impacts for j-th information active. 


Every mechanism of information protection in social networks SZ, < {5z'"} characterized 
by a vector: 


52, = (Top.T, Ce), (3.73) 


where /,, — type of information protection; 7, — implementation time; C,, — the cost of the pro- 
tection system. 

A matrix is used to describe the relationship between external influences and technical means 
of information protection: 


IMSZ 
F 


IMSZ 
| 








; (3.74) 


where vj” —reflects the existence of a link between the i-th impact on the information security 
system IM, < ye | and j-th technical means of information protection SZ, € yaa? 

The model uses the following types of communication: 

— MZ — protection mechanism that counteracts its destructive effect VH, < {VH}: 

— NMZ — there is no protection mechanism to counter the /-th threat. 

With yj’ e{MZ,NMZ‘, MZ, NMZ — there is a connection of a certain type between the 
i-th influence and the j-th technical means of information protection. For matrix elements, the 
values are determined by the rule: 


Vi 


| me _ | MZ, if i-th influence is determined by j-th technical mean; 
/ " \ MZ, if i-th influence isn't determined by j-th technical mean. 


If for all i=m, yj’ =NMZ, it is concluded that technical means of information protection 


in social networks are not able to protect information resources from a certain destructive 
impact, and therefore to increase the level of information security it is necessary to attract ad- 
ditional funds for protection mechanisms. 

The next step is to determine the set of requirements of regulators Ro”. which consist of re- 
quirements for information protection in social networks — {Reo}, specified in international and natio- 
nal recommendations, a set of assessments of the degree of compliance with security requirements 
{OV,, + and a set of final level of compliance of information protection in social networks {/U,, +. 
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Then we have: 
{ao™ | = {Pent U{OV aot Uf iU got. (3.75) 


Determination of the generalized indicator of the level of information security in the social net- 
work, which allows to assess the level of compliance of technical means of information protection 
with the requirements of the recommendations and documents: 


k 
opz'" = ¥ OFZ, (3.76) 


i=1 


where k — the number of individual indicators of information security. 

OPZ, — a single indicator acquires value from the set: OPZ; — absence of unacceptable risks, 
at creation of system of protection of the information it is necessary to define models of threats. 
When compiling a threat model/attacker model and risk assessment (if unacceptable risks are 
identified, then OPZ=0, otherwise — OPZ,=1). 

OPZ, — absence of dangerous threats (if the detected threats are already blocked by technical 
means of information protection, then OPZ,=1, if in the system of information protection in social 
networks, when compiling the model identified threats or influences that cannot be blocked by 
technical means of information protection existing system — OPZ,=0). 

OPZ, — the level of compliance of information security in the social network with the require- 
ments of the recommendations for protection systems (if recognized as recommended — OPZ, = 1, 
if recognized as not recommended — OPZ,=0). 

Based on the data obtained, the system is assigned one of three levels of security: 


uz" ={low, medium, high}: 


high if gpz*" = 3; 
uz" = shigh if 4< gpz" <3; (3.77) 
low if op7z" =0. 


The audit assessment of information security in the social network allows to determine the 
most valuable information assets of information, the effectiveness of the means used to protect 
them, as well as the degree of compliance of the technical protection system with protection 
requirements and the level of security, identify the most vulnerabilities and develop recommenda- 
tions for improvement, if necessary, information security. 

To assess the economic feasibility of implementing a mechanism of technical means of in- 
formation protection in social networks, depending on the value of information, we introduce 
the following notation: V's” — the value of information for social network users (parties who 
own the information and try to protect it); V's — value of information for the attacking par- 
ty (trying to obtain information); SZ” — means of possible technical means of information pro- 
tection; SV" = isv™ Sve", SV") — funds allocated for obtaining information resources; 
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SV" — means of hacking the mechanisms of the information access system: Sv°" — means of 
hacking the mechanisms of the information confidentiality system; SV" — means of breaking the 
mechanisms of technical means of information protection. 

Based on the above we will have: 


sv™ ={sv™ tn isv™ }n{ sv}. (3.78) 


It is obvious that it is pointless to invest more in protecting or obtaining information than the 
value of the information itself. It doesn’t make sense. That is, the correct inequalities: 


Ve2SV". Ve Sey (3.79) 


To further develop the model of estimating economic costs, we assume that the probabilities 
are determined by the expressions: 


ISN 
P, = — af ISN 3 (3.80) 
q,x5V™ +q, x SV 
ISN 
Fi = re ald ISN (3.81) 
q,x SV" +q, x SV 


where q,, 9, — weights that determine how close each side is to the goal, F, — probability of reali- 
zation of at least one i-th threat of the j-th asset (probability of success by the attacking party): 
P, — probability of protection against the /-th threat of the j-th asset (the probability of success 
is protected by the party). 

Assume that the amount of funds allocated by the attacking party is equal to the value of infor- 
mation, the value of information is the same for both parties, and the opposing parties are on equal 
terms, then the economic cost of information protection in social networks should not exceed: 


5-1 
sy" = Ve x ve : (3.82) 





Thus, the model of estimating economic costs for the information protection system in social 
networks has been improved. The effectiveness of the proposed model for estimating economic 
costs depends on the accuracy of formulating the probability of protection success and determin- 
ing the value of information. 
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METHODOLOGICAL ASPECTS OF POSTQUANTUM ASYMMETRIC MCELIECE 
AND NIEDERREITER SYSTEMS ON ALGEBRA-GEOMETRIC CODES DESIGN 


ABSTRACT 


The practical aspects of the methodology for constructing post-quantum algorithms for asym- 
metric cryptosystems McEliece and Niederreiter on algebraic codes (elliptic and modified elliptic 
codes) and their mathematical models and practical algorithms are discussed. Hybrid crypto-code 
constructions (HCCC) of McEliece and Niederreiter on flawed codes are proposed, which can 
significantly (20 times) reduce energy costs for implementation, while ensuring the required level 
of cryptographic stability of the system in the post-quantum period. The concept of security of 
the corporate information and educational system (CIES) based on the construction of an adaptive 
information security system is proposed. To ensure the security of information resources of CIES, 
a model is proposed, which allows not only to take into account the synergy and hybridity of mo- 
dern threats, but also to form preventive countermeasures. 


KEYWORDS 


Crypto-code constructions, post-quantum cryptosystems, modified codes, flawed codes. 


The entry of mankind into the era of high technologies has made it possible to single out cyber- 
space (an abstract concept based on computer networks and Internet technologies) into a sepa- 
rate component of security and put it before information security and security of information. 
To ensure security, as a rule, symmetric cryptosystems with temporary strength are used, but 
fast (by 3-5 orders of magnitude) crypto transformations, in comparison with asymmetric crypto- 
systems that provide a provable level of security (strength is based on NP-complete problems), 
which allows them to be used in transmission key data of symmetric cryptosystems and form 
digital signature protocols (DS) providing the service of authenticity (authenticity of the mes- 
Sage source). The rapid development of computing means provides a 2-fold increase in computing 
capabilities every 18 months, which significantly increases the scope of services in cyberspace. 
However, the analysis by US NIST specialists of traditional cryptography algorithms [122-124] 
and asymmetric cryptography algorithms, digital signature protocols (including algorithms using 
elliptic curves) showed that the computational capabilities in the post-quantum period are the 
use of full-scale quantum computers and the Grover and Shor hacking algorithms [125] — allow 
for polynomial time to break the cryptosystem data used in computer systems and networks of 
cyberspace, which casts doubt on the quality of providing basic security services: confidentiality, 
integrity and authenticity. In works [125-128] it is indicated that with the growth of computing 
capabilities, there is not only an expansion of IT services in almost all spheres of human activity, but 
also a significant increase in hybrid, providing a synergistic effect, target attacks with elements 
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of social engineering. Thus, a scientific and technical problem arises to provide basic security ser- 
vices based on alternative approaches that ensure, first of all, the cryptographic strength of the 
algorithms used. Methods of digital steganography are another area that allows ensuring the se- 
crecy of information circulation at critical infrastructure facilities. However, in works [129-133] 
practical algorithms for steganoanalysis are shown. Thus, the development of high technologies, 
the growth of computing resources, the possibility of the appearance of a full-scale computer put 
forward new more stringent requirements for the mechanisms for providing security services. 


41 RESEARCH OF REQUIREMENTS FOR POST-QUANTUM CRYPTOGRAPHY ALGORITHMS 


Analysis of recent research and publications [122—125, 134-138] showed that with the 
advent of a full-scale quantum computer, the security of modern cryptosystems providing basic 
security services is being questioned. Therefore, NIST USA specialists are holding a competition 
for post-quantum cryptography algorithms. Among the algorithms-contestants that passed to the 
second round there are also crypto-code constructions (CCC). Thus, the consideration of the use 
of the Niederreiter CCC on algebraic geometric codes (AGC) (codes on elliptic curves and/or their 
modifications, on defective codes) in practical algorithms of security services for their modification/ 
improvement is an urgent task. 

When implementing a full-scale quantum computer, Shor’s algorithm allows factoring the 
number WN into factors in the time Ollg,N) using Ollg N)-bits register, which is significantly faster 
than any classical factorization method. The advantages of using quantum registers are significant 
memory savings (N quantum bits can contain 2N bits of information), the interaction between 
qubits makes it possible to affect the entire register in one operation (quantum parallelism). 

Thus, Shor’s algorithm called into question the very existence of asymmetric cryptography, 
since on its basis it is possible to effectively solve problems of discrete logarithm and other 
problems on the complexity of which cryptographic algorithms are based. This conclusion was 
confirmed in March 2018 in the report of the US NIST (Report on Post-Quantum Crypto- 
graphy) [122, 123], which notes that the emergence of full-scale quantum computers casts 
doubts on the cryptographic strength of asymmetric cryptography algorithms, and in Feb- 
ruary 2019, experts NIST USA, at the opening of the competition for post-quantum cryptography 
algorithms, stated that the algorithms on elliptic curves are also being questioned. Thus, humanity 
enters the so-called post-quantum period — a period of time in the future when classical methods 
will be significantly improved and quantum computers with the register lengths (in qubits) necessary 
for successful cryptanalysis and the mathematical and software necessary for their implementation 
will be created. The main problems that can be solved on a quantum computer include the following: 
shor’s quantum factorization algorithm: 
quantum Grover’s algorithm for finding an element in an unsorted base; 
shor’s quantum algorithm for solving the discrete logarithm in a finite field: 
quantum algorithm for solving the discrete logarithm in the eliptic curve (EC) Shor point group; 
quantum cryptanalysis algorithms for transformations into factor ring; 
quantum crypto analysis algorithm Xiong and Wang and its improvement and the like. 
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Table 4.1 shows the results of a comparative analysis of the complexity of factorization for 
classical and quantum algorithms, in Table 4.2 — the complexity of the implementation of Shor’s 
method of discrete logarithm to the group of eliptic curve (EC) points. 


@ Table 4.1 Comparative analysis of the complexity of factorization for classical and quantum algorithms 


Module size WV, bit Number of qubits Complexity of the quantum Complexity of the classical 


required, 2n algorithm, 4n° algorithm 
012 1024 0.54-10° 1.6:10"° 
3072 6144 fe gte apd Oh 
15360 30720 1.8°10" 9.2710" 


@ Table 4.2 The complexity of the implementation of Shor’s method of discrete logarithm to the point group EC 


Base point Number of qubits required Complexity of the quantum Complexity of the classical 
order size, bit f(n)=7n+ 4log,n+ 10 algorithm 360n° algorithm 

163 1210 16-108 3.4-10°4 

206 1834 6-109 3.4-10%8 

0/1 4016 6.7-10"° 8.8-10% 

1024 7218 Ser Oe! ase (0Ne> 


Presented in Tables 4.1, 4.2, the results of comparisons indicate a significant reduction in 
energy costs for the implementation of breaking cryptoalgorithms of asymmetric cryptography, 
which include DS algorithms when using a quantum computer, which significantly reduces the 
level of «trust» in algorithms and protocols for providing basic security services: confidentiality, 
integrity and authenticity. 

In the conditions of post-quantum cryptography, NIST experts suggest considering attacks of 
a special type (SIDE-CHANEL ATTACKS). The implementation of these attacks is aimed at finding 
vulnerabilities in the practical implementation of the cryptosystem, primarily the means of crypto- 
graphic protection. 

The following classification of special attacks based on the following features was proposed: 

— control of the computing process; 

— the way to access the system or tool; 

— the method of direct attack and the like. 

Protection against special attacks can be based on features: 

— fixed number of calls to the hash function, data randomization: 

— independence of keys from values and the like. 

The main NIST requirements for safety in the post-quantum period are: 

1. Safety requirements: 

— replacement of the ES standard FIPS 186: 

— replacement of key distribution standards SP 800-56A, SP 800-568; 

— using the new standard in protocols: TLS, SSH, IPSec etc.: 
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— security model for encryption and distribution is a «semantically secure encryption» scheme; 

— security model — IND-CCA2. 

2. Safety conditions: 

— attacker access to less than 2° selected ciphertext-key pairs. 

3. Resilience requirements: 

— 128-bit classic security/64-bit quantum security (AES-128 security margin); 

— 128-bit classic security/80-bit quantum security margin (SHA-256/SHA3-256, 
SHA-384/SHA3-384) ; 

— 206-bit classic security/128-bit quantum security (AES-256 security margin). 

Thus, NIST USA suggests considering the following models: 

— for symmetric cryptography algorithms — under the conditions of the security model 
IND-CCA2 (ndistinguishability Adaptive Ciphertext Attack), which determines the resistance to 
an adaptive attack based on the selected text cipher; 

— for electronic digital signature — under the conditions of the security model EUF-CMA (exis- 
tentially unforgeable under adaptive chosen message attacks); 

— for the key encapsulation protocol — under the conditions of the security model Canetti- 
Krawezyk (CK-security). 

As a preliminary criterion, NIST proposes an approach in which quantum attacks are limited 
to a set of fixed runtimes, or «depths», of the scheme. This parameter is named MAXDEPTH. 

Possible values for the range MAXDEPTH: 

— 240 logical gates, that is, the approximate number of gates that will be sequentially exe- 
cuted per year: 

— 264 logic gates that modern classical computing architectures can execute sequentially 
in ten years: 

—not more than 296 logical gates, that is, an approximate number of gates, how atomic-scale 
qubits with the speed of light propagation time can perform over millennia. 

Thus, the analysis showed that the use of EDS based on asymmetric cryptoalgorithms in the 
post-quantum period cannot provide a guaranteed level of cryptographic strength, and, accord- 
ingly, can be subject to a special type of attack based on a full-scale quantum computer. 


4.2 PROPERTIES OF ASYMMETRIC CRYPTO-CODE SYSTEMS MCELIECE AND NIEDERREITER 
BASED ON ELLIPTICAL CODES 


To provide security services, standards based on symmetric and asymmetric cryptography 
are generally used. It is known that symmetric cryptographic algorithms belong to the model of 
practical stability, provide ease of implementation and encryption speed 3—9 orders higher than 
asymmetric ones. Asymmetric cryptographic algorithms provide evidence-based stability. How- 
ever, under the conditions of post-quantum cryptography, the cryptographic strength of traditio- 
nal cryptography and public-key cryptography algorithms, including elliptic curve algorithms, is 
called into question. NIST experts consider crypto-code constructions to be one of the promising 
areas of post-quantum cryptography algorithms. 
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Their use allows combining the advantages of symmetric and asymmetric cryptosystems and 
additionally ensuring the reliability of the transmitted information based on the use of noise-resis- 
tant coding, that is, use transmission with direct error correction. 

Fig. 4.1 shows the classification of crypto-code constructions. 
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O Fig. 4.1 Classification of crypto-code constructions 


The analysis carried out in works [104, 134-144] showed that these cryptosystems allow pro- 
viding a provable (mathematically) level of security (strength is based on the NP-complete problem — 
decoding a random code), ensure the efficiency of crypto transformations at the level of encryption 
speed with traditional cryptography algorithms and reliability, due to the use of error-correcting 
codes. In addition, the report of NIST specialists [122, 124] noted that it is crypto-code construc- 
tions that allow providing the required level of cryptographic strength in post-quantum cryptography. 

The known methods of their construction on the basis of noise-resistant (algebraic geomet- 
ric codes, AGK), mathematical models and practical algorithms are considered in works [104, 
124, 134-144]. 

Based on McEliece’s crypto-code construction, first proposed in [144]. As a secret (pri- 
vate key), the generating matrix of the linear (n, k, d) code on GF(q) — G, and masking matrices: 
non-degenerate kxk-matrix on GF(q) — X, diagonal nxn-matrix D, permutation nxn-matrix — P. 
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The permutation matrix implements the permutation of vector coordinates in the form of matrix 
multiplication. The public key is the matrix G,=XxGxPxD. 
Encryption: 


A, =ixG,+e, 


where vector c,=ixGy, belongs to (n, k, d) code with the generator matrix G,; i — k-bit information 
vector; vector e — error vector of weight < t, serves as an additional secret parameter (session key). 

On the receiving side, the receiver, knowing the public key, and using the Berlekemp-Messi 
decoding algorithm (polynomial complexity), receives the original text. The exchange protocol 
between authorized users based on the McEliece crypto-code construction (CCC) on algebraic 
geometric (elliptic, FC) codes is shown in Fig. 4.2. 

To eliminate the drawback — the Sidelnikov attack implementation, it is proposed to use alge- 
braic geometric codes, codes built on curves (as an example, on elliptic curves). 

singular (supersingular) curves of 3 kinds are used to form the AGC (EC). 

Algebrogeometric code along the curve X over GF(q) — this is a linear code of length n < N, 
code words Clc,,c>,...,¢,) of which are given by the equality: 


k—1 


iA (R)=s, 


/= 


where P{X;,Y,,Z,) — projective points of the curve X, i.e. (X;,Y,Z,) — solutions of a homogeneous 
algebraic equation defining the curve X, i =1,n: F(P) — values of the generator functions at 
the points of the curve. 

This definition is equivalent to the matrix representation of the algebraic geometric code [125]: 


G (i,, bay ven i) = (cy, yee C1) 


where G — generator matrix of dimension kxn, K=a—g+1, a=degXxdegF of view: 


F(R) A(R) 








ees nk 
Fa(Py) Fua(P,)  Fea(Pe) 


However, the construction of the CCC on EC does not eliminate the disadvantage of significant 
energy consumption in practical implementation. To eliminate the disadvantage, it is proposed to 
use modified EC (MEC), proposed in works [104, 135, 137]. 

Consider a cryptosystem based on Niederreiter’s crypto-code construction, first proposed 
in [145]. Private (private) key check matrix H-linear (n, k, d) code on GF{q), masking matrices: 
non-degenerate rxr-matrix on GFlq) — X, diagonal nxn-matrix D, permutation nxn-matrix — P. 
Opened (public) key matrix Hy=XxHxPxD. 
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Encryption 


O Fig. 4.2 Protocol in an asymmetric cryptosystem based 
on the McEliece CCC 





Protocol 





Rule encryption: 


_ ig 
5, =exAHy, 


where vector e — is a vector of length n and weight < ¢, is computed in advance based on the 
equilibrium coding and is a transformed input sequence. On the receiving side, the recipient finds 
from q‘ solutions of expression S, =A, x Hy. Next, decryption is used based on the Berlekamp- 
Messi algorithm. 

The scheme of the exchange protocol in an asymmetric cryptosystem based on the Niederre- 
iter crypto-code construction on elliptic codes is presented in the form of Fig. 4.3. To use the EC 
in the Niederreiter CCC, the equilibrium coding of m-ary codes is used — the block diagram of the 
algorithm is shown in Fig. 4.4. To form a cryptogram at the first stage, the plaintext is converted 
into an error vector based on the equilibrium coding algorithm. After this, a syndrome is formed 
by multiplying the check matrix on elliptic codes by an error vector. Practical implementation of 
the scheme showed that when using elliptic codes, it is necessary to take into account positional 
clear-text sets {MF} for «sifting out» error vector sets that do not allow using the classical 
version of decoding information on the receiving side. 

Elements of positional sets form a session key and allow to increase the level of cryptographic 
stability. Fig. 4.5 shows an encryption algorithm in the Niederreiter CCC in the EC. 

The analysis showed that for the provision of basic security services, crypto code construc- 
tions are usually used based on the McEliece and Niederreiter schemes. To ensure the level of 
cryptographic strength in post-quantum cryptography, it is necessary to use the power of the 
alphabet in a field of 2"°—2"8 degrees, which is a significant drawback of their practical application. 
Even at the current level of computer technology, this is a rather difficult task. 
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O Fig. 4.3 An exchange protocol in an asymmetric cryptosystem 
based on the Niederreiter CCC on the EC 
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O Fig. 4.4 Algorithm of the equilibrium coding EC in the crypto-code 
construction of the Niederreiter 
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O Fig. 4.5 CCC encryption algorithm on the EC 


The second drawback is the hacking attack of the McEliece scheme based on linear-fractional 
transformations and the property of triply transitivity of the automorphism group of the gene- 
ralized Reed-Solomon code, proposed in the work of professor of Sidelnikov from Moscow State 
University. The essence of attack is to find the elements of the generating matrix and remove 
the action of masking matrices. The orthogonality of the matrices, which is generative and test, 
allows us to consider the effectiveness of the attack on the Niederreiter scheme. A promising 
way to eliminate the identified patterns Sidelnikov proposes to use cascade or algebraic geometry 
codes — codes built on the basis of the algebra of the theory of noise-resistant coding and geo- 
metric parameters of the curve, in particular elliptic curves. 


110 


4 METHODOLOGICAL ASPECTS OF POSTQUANTUM ASYMMETRIC MCELIECE AND NIEDERREITER SYSTEMS 
ON ALGEBRA-GEOMETRIC CODES DESIGN 


4.3 SIDELNIKOW’S ATTACK ON THE CRYPTO-CODE CONSTRUCTIONS OF MCELIECE AND 
NIEDERREITER 


When considering the cryptanalysis algorithm for code-theoretic schemes and studying the 
properties of linear fractional transformations used in this case, we will use the main theoretical 
results given in [139, 140]. 

Elements of the group of linear fractional transformations (x) are linear fractional functions: 





ax+b 
rar 


other than constant, i.e. functions for which the determinant of the matrix: 


a D 
é @ 
nonzero, a,b, c,d e€GF(q) U{ob=F.. 


Each fractional linear transformation (x) one-to-one displays a set of elements F, into itself. 
Group (x) is non-commutative with group operation: 


9(x) ® "(x)= 0(9'(x)x) 
and has order: 
(9+ 1)q(q-1). 


The main property of the group @(q), used in [139] for effective cryptanalysis (remov- 
ing the action of masking matrices) of code-theoretic schemes on generalized Reed-Solomon 
codes), consists in triple transitivity 0(q) [139]. This means that for any two pairs (a,, dy, a, ) 
and (b,,b,,6;), a,b, €F,, with pairwise different coordinates in (q) there is one element ¢, 
for which it is true (a,) = b,, i=1,2,3. Moreover, the automorphism group G, generalized 
Reed-Solomon code contains a subgroup isomorphic to the group of linear fractional transforma- 
tions &(q) [139]. 

Group of automorphisms G, generalized Reed-Solomon code is also thrice-transitive: for any 
pair of ordered triples (B,,B,,B,) and (y,, Yo, 3) with pairwise different coordinates, where 
1B, Bo: Bs fs {Yas Yo: Ya f € 104, Oly, ....0, | = GF(q)U {oo}, there exists a monomial (with one 
nonzero element in each row and in each column) matrix A, ¢G,, which translates three coor- 
dinates Ge Xn am of the vector x = is Ne ne) into coordinates co X,3 x,,] of the 
vector x A, multiplying them by the corresponding constants determined by the eigenvalues and 
matrices A, €G,. 

Using the considered properties of the triple transitivity of the automorphism group G, of the 
generalized Reed-Solomon code and the group of linear fractional transformations in [139, 140] it 
was shown that applying the corresponding function (x) you can move any three coordinates of 
the vector to the first three places x = (x, a: } Calculating the first three coordinates 


ual 


SYNERGY OF BUILDING CYBERSECURITY SYSTEMS 


of the vector x = (x, ) ome ) in [139], proposed a polynomial algorithm for calculating 
the entire vector x = (« X..s+0X. J, which is the main part of the secret key of a code- 
theoretic scheme based on generalized Reed- solomon codes. Thus, the property of three times 
transitivity of a group by an automorphism of generalized Reed-Solomon codes and a group of 
linear fractional transformations underlies the corresponding cryptanalysis method. Cryptosystems 
built on codes that are free of the indicated properties of a group of automorphisms are not vul- 
nerable to such cryptanalysis — only those that are built using non-cyclic coding methods (which do 
not allow a polynomial description over a polynomial ring in one formal variable) can be considered 
potentially stable code-theoretic schemes that allow algebraically to define extensive classes of 
codes with arbitrary parameters and take arbitrary length over a finite alphabet of symbols [139]. 
Algebraic geometric codes are considered to be a promising direction in this sense. 

Indeed, as shown in [104, 125, 187, 142, 143], algebraic geometric codes in the general 
case are noncyclic and are defined in terms of a linear system arising on algebraic curves. A linear 
system is specified by mapping the points of a curve to a projective space of a fixed dimension. 
The papers [137, 142, 143] give examples of the practical construction of algebraic geometric 
codes on curves. The use of algebraic geometric codes, as will be shown below, makes it possible 
to effectively build cryptographic means of protecting information with high structural properties. 


44 ASYMMETRIC CRYPTO-CODE CONSTRUCTIONS OF MCELIECE AND NIEDERREITER BASED 
ON MODIFIED ELLIPTICAL CODES 


To reduce energy costs and the practical implementation of crypto-code constructions without 
reducing the level of cryptographic strength of the system as a whole, it is proposed to use modified 
crypto-code constructions (MCCC) on modified (shortened and/or elongated) elliptic codes. It is the 
parameter d that provides cryptographic stability; therefore, to ensure cryptographic stability, it is 
necessary to fix it, which determines the use of modification methods with a fixed value of the 
structural-code distance, i.e. lengthening and shortening the code word. The Fig. 4.6 demonstrates 
the features of modified shortened and elongated codes depending on their construction. 


Methods of linear block (7, & a) code modification 

Code lengthening Code expansion Code punctuning 

(N+Xx, K+X, 7) (n+x, K, 7) (n-x, kK, 7) 
Code filling Code shortening Code ejection 
(7, K+X, 7) (n-x, K-x, 7) (n, K-X, 7) 


O Fig. 4.6 Methods for modifying error-correcting codes 
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The simplest and most convenient method of modifying a linear block code, not reduc- 
ing the minimum code distance is shortening its length by reducing the information symbols. 
Let /=(I,,l5,...,/,) — information vector (n, k, d) of block code. We chose a subset h of infor- 
mation symbols, |h| =x, x<‘1/2k. We put zeros in the information vector / in the subset h, 
i.e. /=0, Vie h. On the other positions of the vector /, we place the information symbols. While 
the information vector encoding, the symbols of the set fA are not involved (they are null) and 
can be discarded, and the resulting code word is shorter by x code symbols. For modifica- 
tion (shortening) of elliptic codes, we use the reduced set of the curve points. The following 
statement is true. 

Statement 1. Let EC — an elliptic curve over GFq), g=g(EC) — the curve genus, EC(GFlq)) — a set 
of its points over a finite field, W=EC(GF(q)) — their number. Let X and h — nonintersecting subsets 
of points, X vh=EC(GF(q)), |h| =x. Then shortened elliptic (n, k, d) code over GF(q), built through 
mapping like @: X>P*", is linked by characteristics kK+d=n, where: 


n=2Jq+q+1-x, k>a-x, (4.1) 


d>n-a,oa = ddedF. 


Statement 2. Shortened elliptic (n, k, d) code over GFlq), built through mapping like 
: XP", is linked by characteristics k+d=n, where: 


n=2J/q+q+1-x, k>n-a, (4.2) 
d>a, a=ddegF. 


second method for modifying a linear block code, which stores the minimum code distance 
and increases the amount of data transmitted is the elongation of its length after forming ini- 
tialization vector, by reducing the information symbols. Let /=(/,,/,,...,/,) — information vector 
of (n, k, d) block code. Choose a subset h of the information symbols, |h| =x, x <1/2k and form 
initialization vector. 

An information vector / in a subset of zeros f, i.e. /=0, V /eh. On the other positions of 
the vector / put the information symbols. After in position of initialization vector add information 
symbols. For the modification (lengthening) elliptic codes will use reduction of the curve points 
multiplicity. The following statement is true. 

Statement 3. Let EC — elliptic curve over GF (q), g=g (EC) — curve genus, EC (GF (q)) — multi- 
plicity of its points over a finite field, N=EC (GF (q)) — their number. Fix a subset h,ch, |h, | =x,. 
Let an elliptic (n, k, d) code over GF(q) built through a mapping in the form @: X->P** is given. 
Then the parameters of the elongate on x, symbols from GF{q) elliptic code built through mapping 
@: (XUA,)—>P*", are related as follows: k>a—x+x,, d=>n-a, a=3xdegF. 

Evidence. lf x,<x, then the lengthening code on x, is equivalent to shortening the source 
code on the x—x,. Having substituted these parameters in the expression, we obtain the result 
of corollary 1. 
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Corollary 1. The volume of private key (in bits) in motivated crypto-code system based on 
the theoretical-code McEliece scheme built on elliptical (n, k, d) code over GF(2”) is determined 
by the sum of matrix elements X, P, D (in bits), and is given by: 


Lene: (4.3) 


Evidence. Indeed, secret key in McEliece scheme-generating matrix A (generating code ma- 
trix) and masking matrix X, P, D. In order to determine private key (in bits) of an elliptic (n, k, d) 
code over GF(2”), according to 1, it is sufficient to define multiplicity of coefficients a,...a,, 
Va.e GF(2”), and elements of masking matrixes. Total must be stored /,, =Oxn*xk*xm bits 
of secret key information [125]. 

Corollary 2. \f you know the type of elliptic curve (multiplicity a,...4,, Va.e GFlq)), the subset 
of h and h, are completely determine the modified elliptical (n, k, d) codes over GF(q), built through 
the mapping of the form: @: XP*" and @: (XUh,JP*. 

Evidence. Multiplicity of coefficients a,...4,, Va.< GF(q) is uniquely defined form of the el- 
liptic curve, and, accordingly, multiplicity of its points EC(GF(q)). Using a mapping in the form of 
: EC->P™ and the results of statements 3, construct the elliptical (n, k, d) code over GF(q). 
If you know the elongating symbols, then we construct the elongated codes. 

According to the statement 3, it is symbols from multiplicity h,, which completely determine 
the modified elliptical (n, k, d) code over GF(q). 

Statement 4. Fix a subset h,ch, |h,| =x,. Let an elliptic (n, k, d) code over GF(q), built 
through a mapping of the form @: XP" is given. Then the elliptic code parameters of the 
elongated on x, characters from GF(q), built by mapping of the form @: (XUh,J>P™, will be 
connected by the relations: n = 2./q +qQ+1-X+X,, k2n-o, d2a, a=3xdegF. 

Corollary 3. \f you know the form of an elliptic curve (multiplicity a,...4,, Va.e GFlq)), the 
subset of h and h, completely determine the modified elliptical (n, k, d) codes (MEC) over GFlq), 
built through the mapping of the form: @: X>P™ and o: (XUh,J3P™. 

Evidence. The multiplicity of coefficients a,...a,, ae GFlq) uniquely defines form of an el- 
liptic curve, and, accordingly, multiplicity of its points EC(GF(q)). Using a mapping of the form 
: EC—>P™ and results of statements 3, 4, construct an elliptic (n, k, d) code over GFlq). 
If you know the lengthening symbols, then we construct the elongated codes. According to the 
statement 3, the symbols of the multiplicities h and h,, which completely determine the modified 
elliptical (n, kK, d) code over GF(q). 

Results of statements 3, 4, and their corollaries allow us to construct modified (elongated) ellip- 
tical (n, k, d) codes over GF(q). Define the following algorithm for constructing modified elliptic codes. 

Mathematical model of asymmetric crypto-code systems (ACCS) using the McEliece CCC 
based on shortening (reduction of information symbols) is formally defined by a combination of the 
following elements [125]: 

— a set of plaintexts M={M,,M,,....M..}, where M,=4lovh, ty shat, Wl, €GF(q), h, - 
information symbols equal to zero, [|h| =1/2k, |. e /=0, Vie h; 

— a set of secret texts (codegrams) C = {C,C, ae Cf where C, = (A, 4, — A Ay...) 
VA, e GF (q): 
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—a set of direct mappings (based on public key usage — generating matrix) @ = {QQ rae 0, 
where 9: M—> 6,_,,/=1e... 

— a set pt inverse mania —— on secret aa key uSage —disguise matrixes) 
o ={9;' 1Qp seees ¢;'}, where @;" Oy 4, 2M, i= 12... 

— a set of ie parameterizing direct mappings sitie key of the authorized user) K, = 
= IK, A secealh i Gye cae oI. where Gy,' — generating nxk matrix disguised 
as a random code’ of algebra-geometric block (n, k, d) code with elements from GF(q ), Le 
Q,: Ve. »,: |= le,....8; @— a set of polynomial curve coefficients a,...a,, Va,e GFtq), 
uniquely defining a specific set of points on the curve from the space P°: 

— a set of keys, parameterizing inverse mappings (private (secret) key of the authorized 
user) K” = {K;,K3,...K; b= {{X,P,D},.{X,P,D}......{X,P.D}. b {XPD}. = {X',P.0'}, where 
X' — disguise nondegenerate randomly equiprobably formed by a source of keys k x k matrix with 
elements from GF (q); P' — permutation randomly equiprobably formed by a source of keys nxn 
matrix with elements from GF (q); D' — diagonal formed by a source of keys nxn matrix with 
elements from GF(q); i.e. @;': C—+->M, i=102....,8, the complexity of the inverse mapping 
«;' without knowing the key K, eK’ is associated with solving theoretical-complexity problems 
in random code decoding (general position code). 

The initial data in the description of the considered asymmetric crypto-code information pro- 
tection system are: 

— algebrogeometric block (n, k, d) code C,_, over GF(q), i.e. a set of code words 
C,<C,_, such that the equality is true C,H’ =0, where H — check matrix of algebrogeomet- 
ric block code: 

— a,—a set of the curve polynomial coefficients a,...a,, Va,e GFlq), uniquely defining a specific 
set of the curve points from space P* to form the generating matrix; 

— h,—information symbols, equal to zero, |h| =1/2k, i.e. }=0, Vie h: 

— disguising matrix mappings, given by a set of matrices {X, P, D} . 

In asymmetric crypto-code system based on the McEliece CCC, the modified (shortened) 
algebrogeometric (n, k, d) code C,_ h with fast decoding algorithm is disguised as a random 
(n, k, d) code C,_ ' by multiplying the generating matrix G® of the code C,_ h by the secret dis- 
guise matrices xe P*” and D"'4], providing the formation of the authorized user's public key: 
Gy = X"xG™ x PY xD’, ue {12....,s}. 

Forming a closed text C, C, _p, on the basis of the entered plaintext Me M and a given 
public key Gy.", ue {1.2...., an is carried out by forming a code word of the disguised code by adding 
a random vector e = (@,,€,,....6, 1): 


C= 9,(M,Gi)=M, x(Gi) +e 


where the Hamming weight (number of nonzero elements) of the vector does not exceed the 
correcting ability of the algebraic block code used: 


o<w(e)se=|9o4) 
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For each formed secret text 6; «C,_,, the corresponding vector e = (,,8,,....8,-,) acts as 
a one-time session key, i.e. for a particular E, the vector e is generated randomly equiprobably 
and independently of the other closed texts. 

The communication channel receives C/ =C, —C,_ hy 

On the receiving side, an authorized user who knows the disguise rule, the number and loca- 
tion of zero information symbols can use a fast algebrogeometric code decoding algorithm (with 
polynomial complexity) to recover the plaintext [4]: 


M, =f,"(C;.{X,P,D} ). 


To recover the plaintext, an authorized user adds zero information symbols C, =C. +O.) 
from the recovered secret text C., removes the effect of the secret permutation and diagonal 
matrices P® and D® : 


C=0) (0) (Pr) =(M x (6%) +e)x(0") (PY) 


=(m, x (X" x Gx P! xD") +e}x(D°) x (P!) 


=M,x bal x (6) x (P*) x (D") x (oy x (P’)"' +ex (D") x (P’)' = 


=M. x(x") x(G) +e x(D") KP 
decodes the received vector by the Berlekamp-Massey algorithm [26, 27]: 
C=M,~x (x")) x (c®°) +ex (D") x (P’) 


i.e. gets rid of the second term and from the multiplier (c)” in the first term in the right side 
of the equation, and then removes the effect of the disguise matrix xX", For this, the result of 
decoding M. x(x") should be multiplied by (ag ( x (X") ‘|x x(x") = M.. The resulting 
solution is the plain text M.. 

The block diagram of the real-time information exchange protocol using the asymmetric crypto- 
system based on the modified McEliece CCC with modified (shortened) elliptic codes (MEC) 
is shown in Fig. 4.7. 

Let us consider the practical algorithms of formation and decryption/decoding crypto- 
gram/codegram in a modified asymmetric crypto-code system based on the McEliece CCC on 
elliptic shortened codes. Fig. 4.8 shows an algorithm of cryptogram/codegram formation, in 
Fig. 4.9 presents an algorithm for decoding information. 

Mathematical model of modified asymmetric crypto-code information (MACCS) protection 
system using algebraic block codes based on McEliece CCC based on elongation (information sym- 
bols increasing) is formally defined by combination of the following elements: 

— multiplicity of plaintexts M = {/M,,Mp,....M,. }, where M, = 4 lost, s+ Ih ja}, VI. €GF(q), 
h, — information symbols equal to zero, |h| =1/2k, i.e. /=0, Vie h; h, — information symbols 
of lengthening k, |h| =1/2k; 
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— multiplicity of closed texts (codegrams) L = {C,,0,,....0 , }, where 0; = (Ai, Ai, a A, Ai.) 
VA, < GF(q): 

— multiplicity of straight mappings (based on the use of generating matrix public key) 
p= 11.9, ae ¢, }, where 9: MC, ,f=12....,8; 

— multiplicity of reverse mappings (based on the use of masking matrix private key) 


— multiplicity of keys, parametrizing straight mapping (the public key of an authorized user) 
Ki= Ki, oi siecle. I = aon _ et, where G,” — generating nx k matrix masked as 
a random algebra-geometric block (n, k, d) code with elements from GF (q), i.e. @,: ae 
eae 

— a.— multiplicity of coefficients of the polynomial curve a,...a,, Va, GFlq), uniquely defining 
a specific set of curve points from the space P*. 

— multiplicity of keys, parameterizing reverse mappings (personal (private) key of authorized 


elements from GF (q); P' — permutational randomly equiprobably formed by source of keys matrix 
nxn with elements from GF(q); D' — diagonal formed by source of keys matrix nxn with ele- 
ments from GF(q), i.e. @;':C—L>M, i=102....,6. 


hh 


Session key 


Formation of 


MA 


key data Private key G, X, P, D 


Public key 
G=XxGx PxD 


J 


o=|x G+e 





“=o xD’ +P" 
c =i xGt+e 
Protoco 

Encryption 





O Fig. 4.7 Protocol using the asymmetric cryptosystem based 
on the modified McEliece CCC with modified (shortened) elliptic codes 


Complexity of performing reverse mapping @-' without knowledge a key K, eK associated 
with solution of theoretic complexity problems in random code decoding (generic position code). 

Initial data in the description of the considered asymmetric crypto-code information protec- 
tion systems are the parameters described in the previous model. 
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Stage 1. Set code parameters 


requiredProbability — defined probability of 


requiredProbability 
block distortion; 


n— total number of symbols in code (code 
length); 


A— number of information symbols; 

d— minimal distance of code combinations 
by Hemming; 

g— curve genus; 

degF — the degree of generating function; 
degClurve— curve degree 


degF=', 
p=1.0 









a=degF xX degClurve, 
=n-atg-1 









Stage 2. Forming private and public keys of 
asymmetric cryptosystem, entering 
information package 


p=computeErrorProbability(probability) 


p>requiredProbability X— non-degenerate matrix Kx kover Gg); 


P— permutational matrix 7x n over GAlq/. 
D-— diagonal matrix 7x nover GFlq/; 

G— check matrix rx 7 of elliptic code over 
GFlq/: 

a/— coefficients set of curve polynomial 
a’...@ 


X, P, D, GE 
Gk =XxGF°xPxD 


Entering nformation vector / 
and public key Gre 


Forming error vector 
e 
ta false 


true 


Stage 3. Forming session key and codegram 


vector e forms randomly,equiprobably and 
independently from another secret texts; 
communication channel receives code without 
zero elements of initialization vector 
(shortening operation) 


Forming code word 
C,=GF° xi+e 


O Fig. 4.8 The algorithm of codegram formation in the modified 
McEliece ACCS with shortened modified code 


In asymmetric crypto-code system based on McEliece TCS modified (elongated) algebrogeo- 
metric (n, k, d) code C, with rapid decoding algorithm is masking random (n, k, a) code Ci, by 
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multiplying generating matrix G' of C,_, code on the secret masking matrices X", P" and D", what 
provide formation of open key for authorized user: 


Bax XG xP XD We) 12.38) 
where G** — generating n x k matrix of algebrogeometric (n, k, d) code with elements from GF (q), 


built on the basis of using the polynomial curve coefficients a,...a,, Va;e GFlq), chose by user, 
uniquely defining a specific set of curve points from the space P*. 


Stage 1. Set of code parameters, 
Entering personal key and codegram 


AAD ec. 


Remove diagonal and permutational matrices 
* = 1 
C=C; x(D)'x(P) 


X— non-degenerate matrix Ax over GF(q/, 
P—permutational matrix 7x7 over GA(Q/, 

2D-— diagonal matrix 7x over GF(q/, 

H— check matrix 7x7 of elliptic code over GA(q/, 


Decoding vector with a’ — coefficients set of curve polynomial 
Berlekamp Massey algorithm. gl... @ 


Forming vector /* 


Forming information vector 
—1 


fy X{X) =, Stage 2. Codegram decoding 





O Fig. 4.9 Algorithm for decoding information in the modified 
McEliece CCC with shortened modified code 


Forming secret text C, <0, by the entered plaintext M, <M and given public key cre 
ue {1,2....5} is performed by forming of shortened code word and then elongation of masked 
code with adding to its randomly formed vector e = (e,,@,,...€,,): 


C= 9,(M,Gi)=M,x(Gi) +e 


For each formed secret text 0, eC, the appropriate vector e = (e,,,,..-€,_,) acts as a single 
session key, i.e. for specific E,, vector e is formed randomly, equiprobably and independently of 
the other secret texts. 
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The channel receives C, =C,-C,_ 5, + &,- 

On the receiving side, an authorized user who knows the rule of masking, the number and 
location of zero information symbols can take advantage of a fast-decoding algorithm of algebro- 
geometric code (with polynomial complexity) to recover the plaintext: 


M,=£,"(C;{X,P,D}, }. 


To recover the plaintext an authorized user replaces lengthening symbols on non-zero infor- 
mation symbols: 


(6, 304 


from recovered secret text C, reduces the effect of the secret of permutational and diagonal 
matrices P® and D°: 


C=C x (D") x (P’)' = 





M,x (6) + | <(D")'x(P"y 
=(M, x(x" xG® xP" xD") +e} (D°)'x (PY) 

=M, x(X")' x(6®)' x(P")' x(D")' +ex(D°) 'x(P*) | = 
=u x(x) (0) 0r)"x(PY' 


decodes received vector with Berlekamp-Massey algorithm: 
C=M,x(X") x(6") +e(D") | x (PY), 


i.e. get rid of the second term and from the multiplier (G)"" in the first term at right side of 
equation, and then reduces the effect of masking matrix X”. 

Received result of decoding MM’, is need to be multiplied by (x") 

M; x(X") =, 

Received solution is plaintext ;, to which are added lengthening symbols: M, = M, +h, — the 
essence of sent message. 

Consider the practical algorithms of codegram forming and decoding, and a block diagram of 
communication protocol in a real time at developed McEliece CCC. 

Fig. 4.10 shows algorithm of encoding in McEliece CCC. 

Offered decoding algorithm on McEliece CCC is shown on Fig. 4.11. 

Block diagram of information exchange protocol in a real time mode with the use of asymmet- 
ric cryptosystems based on a modified McEliece CCC with modified (elongated) elliptical codes is 
shown in Fig. 4.12. 
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Start 


requiredProbability 


Stage 1. Set code parameters 


requiredProbability — defined probability of 


block distortion; 

n—total number of symbols in code (code 
length); 

A— number of information symbols; 

d— minimal distance of code combinations by 
Hemming; 

g— curve genus; 

degF — the degree of generating function; 
degCurve — curve degree. 


degF=', 


degh+ + 
GFe =X xGF°xPxD 









Stage 2. Forming private and public keys of 
asymmetric cryptosystem, entering 
information package 


p=computeErrorProbability (probability) X— non-degenerate matrix kx k over GFlg/: 


P— permutational matrix 7.x rover GFq/. 
D— diagonal matrix 7x n over GF(q/; 
G— check matrix rx of elliptic code over 
GFlg/. 

a/— coefficients set of curve polynomial 
a’... 

/V— initialization vector, 

IV= [h/ = 1/2k— reducing elements. 


p>requiredProbability 


APO, OV 


Gio =X xG°xPxD 


Stage 3. Forming session key and codegram 
Entering nformation vector / 


and public key Gre 
e 


or 


true 


vector eforms randomly,equiprobably and 
independently from another secret texts; 
communication channel receives code without 
zero elements of initialization vector 
(shortening operation) 


false 


Forming code word 
C,=Gioxi+e 


Forming codegram 
C.=C,-IV 


O Fig. 4.10 Algorithm of codegram formation in McEliece MACCS 
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Stage 1. Set of code parameters, 
Entering personal key and codegram 
APD we Mc, 


Adding zero symbols of initialization vector X — non-degenerate matrix &x over GElg/, 
C26 26 P —permutational matrix 7.7 over GF(q/, 
j j k—-h, . ‘ 
i D— diagonal matrix 7X1 over GFlq/, 
H¢_ check matrix 7x77 of elliptic code over GF/g/, 
a’ —coefficients set of curve polynomial 





Remove diagonal and permutational matrices ee 
‘ initialization vector, 
CHC’ x (D)” . (P) = |h|=2k —reducing elements 
J 





Decoding vector with 
Berlekamp Massey algorithm. 


Forming vector /* Stage 2. Codegram decoding 


Forming information vector 


ee 0.4 es 


O Fig. 4.11 Algorithm of codegram decoding in McEliece CCC 





The mathematical model of the modified asymmetric crypto-code system of information pro- 
tection using algebraic geometric block codes based on CCC McEliece based on elongation (in- 
crease of information symbols) is formally defined by a set of the following elements: 

— set of plaintexts: M = {M,,Mp,...M,, }, where M, = {loslh, «In, kr}, Wl; € GF(q), f — in- 
formation symbols equal to zero, |h| =1/2k, that is /=0, V/eh; h, — information extension 
symbols k, |h| = 1/2k; 

— set of closed texts (codograms): C = {C,,C,,...,C,, $, where C; = (Ay, Abg oe Av..) 
VA, < GF(q): 

— set of direct mappings (based on the use of the public key — the generating matrix): 
O= 11:Qpr-- , f. where ©; M6, ,i=12.... 

— set of i me mappings (based on the use | grate (private) key — masking matrices): 
p '={9,' Qos Qy 1 where @, a0, > M, i= 1,2....,8; 

— a set of keys that parameterizes direct mappings (public key of an authorized user): 
K, ={K,, i cotton he t= aoe et, where Gy’ — generative k xn matrix of alge- 
braic geometric block disguised as a dor code (n, k, d) with elements from GF (q ), that is 
Q ;: M—*>C, , P= Tene B, 
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— a,— set of coefficients of the polynomial curve a,...4,, Va,¢ GF(q), which uniquely defines a 
specific set of curve points from space P*: 

— a set of keys that parameterizes the inverse mappings (private (private) key of the autho- 
rized user): 


K* = {K;,K3,...K; }={{X,P.D} {X,P.D}.,...fX,P.D} }, 
{X,P,D}. =4X',P',D'}, 


where X’ — masking nondegenerate accidentally equally likely formed by the source of the keys 
k x k matrix with elements of GF (q); P' — nermutative is randomly equally likely formed by the 
source of keys nxn matrix with elements of GF (q); D' - diagonal formed by the source of the 
keys nxn matrix with elements of GF(q), that is @;':C——>M, i=1,2.....8, the difficulty of 
performing the inverse mapping @;' without knowledge of the key K, eK’ associated with solving 
a theoretically complex problem — decoding a random code (general position code). 





hh A 
Session key 
Formation of Me ee 


NEY, Private key G, X, P, D 


Public key ; 
a 


G=XxGx PxD 
= c= c%xD'+P 
r= 1x +e c=ixGte 
[=I Kh" 
Encryption 


O Fig. 4.12 Protocol in a real time mode with the use of 
asymmetric cryptosystems based on a modified McEliece CCC 
with modified (elongated) elliptical codes 
































Protocol 






Decryption 


The initial data in the description of the considered MNCCS are the parameters described 
in the previous model. 

In McEliece CCC modified (extended) algebrogeometric (n, k, d) code C, with a fast decoding 
algorithm disguised as random (n, k, d) code Ci, by multiplying the generating matrix G® of the 
code C, , by the masking matrix, which are kept secret X", P" and D", which provides the forma- 
tion of the public key of the authorized user: 


Gee =X"xG® xP" xD", ue {1,2....,5}, 
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where G‘ — generating matrix of algebraic geometric block (n, k, d) code with elements from 
GF(q), is based on the use of user-selected coefficients of the polynomial of the curve a,...a,, 
Va,e GF(q), which uniquely defines a specific set of curve points from space P*. 

Formation of closed text C; < C, on the entered plaintext M, <M and the specified public 
key Gy", ue {12,...,5} is carried out by forming a shortened codeword, and then extending the 
masked code with the addition of a randomly generated vector e = (¢,,é,,....6,;): 


C.=9,(M,Gi)=M,x(Gi) +e 


For each formatted closed text C, eC, corresponding vector e = (€,,€,,....6,-,) acts as a one- 
time session key, i.e. is formed randomly, equally probably and independently of a private texts. 
In the communication channel enters: 


C7 =C,-C,., +6, 


On the receiving side, an authorized user who knows the masking rule, the number and lo- 
cation of zero information symbols can use a fast algorithm for decoding algebraic geometric 
code (polynomial complexity) to recover plaintext: 


M, = 0,"'(C;.{X,P.D} ). 


To restore the plaintext, the authorized user replaces the extension symbols with zero infor- 
mation symbols: 


C= C, > Cy_y 
from the restored closed text removes the effect of secret permutation and diagonal matri- 
ces P® and D": 
M, x (Gy ) + | x (D" )' x (P! ) 
= ( x (X" x GE x PY xD") +e}x(D°) x (P") = 


=), x(x") x (6) x (P") x (D") +ex(D") x (P") ~ 
=M,x(X") x(6®) +e(D") 'x(P’) 


C=C x (") x (P’)' = 





decodes the obtained vector according to the Berlekamp — Massey algorithm: 
C=M,x(x") x(6®) +e(D°)'x(P") 


that is, it gets rid of the second term and the multiplier (G)"" in the first term in the right part 
of equality, then removes the effect of the masking matrix X”. 
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For this purpose, the received decoding result /° should be multiplied by ers 
M; x(X") =, 


The resulting solution is plain text M/;, to which extension symbols are added: M, = M, +h, 
and is a transmitted message. 

The main properties of MES are given in Table 4.3, the main parameters of MNCCS in Table 4.4. 
To construct a modified crypto-code Niederreiter system, we use basic algorithms of encryp- 
tion/decryption of the system, discussed in [125]. 


@ Table 4.3 Basic (n, k, d) properties of MEC 


Properties Shorted MEC Elongated MEC 

(n, k, d) parameters of the code which n=2/q+q+1-x, k2>a-x, n=2/q+qt+1-x+X,, 

is constructed through mapping of d>n-o., ao=3xdegF, k+d=n k>a-x+x,, d>n-a,, o=3xdegF 
a kind @: XP*" 

(n, k, d) parameters of the code which n=2/q+q+1-x, k>n-c, n=2/q+qt1-x+X,, 

is constructed through mapping of d>o, a=8xdegF,kKt+d=n  k=>n-a, d>a, o=3xdegF 


a kind @: X>P™" 


@ Table 4.4 The main parameters of MNKKS McEliece at MEC 


Properties Shorted IMEC Elongated MEC 

the dimension of the _ a 

ase Pe tog, (2a +q+ ‘)| Ie, = (X—X,) x log, (2a +q+ 1) 
dimension of the | =(a—x)xm |, =(a—x+x,)xm 

information vector 

dimension of the _ a = _ 

cryptogram I= (20a +941 x)xm s [2Va+9+1 xx) xm 


cae transmission R=(a-x)/(2/g +9+1-x] R=(0-x+x,)/(2Jq+q+1-x+%) 


Fig. 4.13 shows a block diagram of the Niederreiter MCCS, the main difference of which from 
the known is the use of the mechanism of shortening the error vector symbols after the equili- 
brium coding algorithm, which will reduce the capacity of the used GF(q) and energy capacity of 
the computing system in general. 

Algorithms for encryption and decryption are shown in Fig. 4.14, 4.15 accordingly. 

Analysis of the practical implementation of code-converting algorithms in Niederreiter MCCS 
shows that when forming the codegram based on the initialization vector, shortening is per- 
formed —/h, (error vector symbols equal to zero), |h| =1/2e, i.e. e =0, Ve,eh. When decryption 
of the cryptogram (after receiving the error vector, before using the equilibrium encryption algo- 
rithm) to obtain information «zero» shortening symbols are introduced. 

Let us consider the formal description of a modified asymmetric crypto code Niederreiter 
system through the use of the modified elliptical codes. 
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Forming number A and tts 
binary representation 


| Stage: Nonbinary equilibrium encoding 


Start 


Entering initialization vector, 


calculating truncated error 
vector 
e’=e-lV 


Entering Hx” , calculating 


codegram 


r- 


Il Stage: Cryptogram forming 


where 7— total number of symbols in the code (code length): 

w — codeword weight with elements from the _oplurality 
0 tie A | 

g—a Galois field power; 

A-—an equilibrium nonbinary sequence, A</V/; 

M-—non-binary equilibrium code power depends on the number 
of code vectors with length 7 and weight w. 


Splitting of non-binary equilibrium vector on 
positional and binomial vectors 


The calculating of A’ from The calculating of 4% from binomial 
positional vector vector 


w-1 


é (q-1) x(a, 1) 


The calculating of A 
A=A,x(q-1)" +A, 


PROVIDING RELIABILITY 


: Start 
Public key 


Finding one of the solutions 
2 ex(HEY 


¢ =¢,xD'xP" 


Cryptogram transmission S« Calculating vector 


c =i'xG+e’ 


Calculating vector e 
e =le’XPxXD)+IV 


PROVIDING CONFIDENTIALITY 





O Fig. 4.13 Structural diagram of a modified Niederreiter CCC 
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Stage 1. Set code parameters 


requiredProbability — given probability of 
block distortion, 

n—the total number of symbols in the 
code (code length) 

k— number of information symbols, 
d—the minimum distance of code 
combinations by Hamming, 

g-— the genus, 

degF— the degree of generating 
function, 

degCurve — the degree of curve. 
















Stage 2. Forming the error vector 
(equilibrium coding), of the public key 


X— non-singular & x kmatrix over GA(q/, 
P—n X npermutation matrix over GF(q/, 
D-n x ndiagonal matrix over GF(q/, 
H_ checking r X matrix of the elliptic 
code over GF(q/, 

a/—aset of coefficients of the polynomial 
curve a... a, 

/V— initialization vector, 

IV = [h | = “shortening elements 









Forming A and its binomial 
representation /4 








Stage 3. Forming error vector 


Entering 7, wle/, g, 
A 


; a Representing of number A 
Forming A and tts binomial A=A, x (q 7 1)" #A, 


representation /4 
The encoding A” ina The encoding A? in 
positional counting system binomial counting system 
Forming generalized binomial-point 
number code of A 


S, =@, x Gal Stage 4. Forming syndrome 


Syndrome goes to the communicational channel 
(End) 










Forming truncated error vector 
e=elA) - IV 













Forming syndrome 


O Fig. 4.14 The algorithm for generating the cryptogram in the Niederreiter CCC 
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otart . 
Stage 1. Setting the code parameters, 


entering the private key and codogram 


XPDHEW,S 
X—nonsingular 4X matrix over GF(q/, 


P— permutation 77 matrix over GA(q/, 
Finding a one of the possible solutions D— diagonal nxn matrix over GFIq/, 
of equation H®— check rn matrix Of elliptic code over GF(q/, 
S, = Cc; x ( al a’ — set of curve coefficients a’... a, 
/V— initialization vector, 
/V=|h| =V2 h. — reducing elements 





Removing action of diagonal and 
permutation matrix 


So =6t xp ep" stage 2. Calculation of error vector 
C =C, x x 





Vector decoding C 


Vector creation e,’ 





Vector transforming e,. 
6=6 KP X 


; Stage 3. Calculation of information 
Formation of the desired error vector e: g 





vector 
e=e,t+lV 
Splitting of non-binary equilibrium vector 
on positional and binomial vectors 


The calculating of A? The calculating of 44 
from positional vector from binomial vector 


(q-1) x(a, -1) 


The calculating of A 


A=A, x(q-1)" +A, 


O Fig. 4.15 The algorithm for cryptogram decryption in the Niederreiter CCC 


A mathematical model of the NCCS with using of the Niederreiter code-theoretic sche- 
mes (CTS) based on shortening (reducing of information symbols after converting in the error 
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vector in the algorithm of non-binary equilibrium coding) is formally given by the combination of the 
following elements [125]: 

—h,— symbols of the error vector equal to zero, |h| =1/2e, i.e e=0, Veeh; 

— a set of private texts (codegrams) — S = {5,,5,,...5,. }, where 5, = {Sy,.5p,,...54, Sy, 
V5y € GF (q); 

—a set of keys, parametrizing direct mapping (the public key of an authorized user) KU, = 

= {KU,, /KUp, ,....KU,, \. 7 He sHy,” p where H’™ — check rxn matrix of algchrageometric 
block (n, kK, a) code, disguised as random code with elements from GF(q) i.e. @,: M—2>S" 
ie 

initial aa in the description of the considered modified crypto-code information protection 
system are: 

— algebra-geometric block (n, k, d)-code over GFlq); 

— w— weight of codeword with elements from the set {0,1...g-1}, q — power of the Galois 
field, n — error vector length; A —non-binary equilibrium sequence, A</V/; M — power of non-binary 
equilibrium code defined by the number of vectors of length n and weight w; 

— a,—a set of coefficients of the polynomial of the curve a,...a,, Va, GF(q), clearly defining 
a specific set of points on the curve in space P* to form generating matrix; 

— IV — initializing vector, /(V= |h| =1/2h, — reducing elements (h, — error vector symbols equal 
to zero, |h| =1/2e, i.e. eg =0, Vee h); 

— disguising matrix mappings, given by a set of matrixes | X,P,D} , where X — nondegenerate 
kxk matrix over GF(g), P — permutation nxn matrix over GF(g) with one non-zero element in 
each line and each row of the matrix, D — diagonal nxn matrix over GF(g) with non-zero elements 
on the main diagonal. 

In the modified Niederraiter crypto-code system on modified (truncated) algebra-geometric 
(n, k, d)-codes, the information vector is converted in fast algorithm of non-binary equilibrium 
coding into the error vector. 

After the operation of shortening, the error vector is disguised as a random syndrome 
by multiplying the truncated error vector by the public key of the recipient (the check matrix H,” 
of the code): 


KU, =H® =X'xH® xP! xD) ie {12,....r}. 


Communication channel receives S,_, =(e, —h,)x Hy". 

On the receiving side, an authorized user who knows the disguise rule, the initialization vec- 
tor (the number and places of zero characters in the error vector) can use a fast algebra-geomet- 
ric decoding algorithm (polynomial complexity) to recover the plaintext: 


M, = 9;"(S;, {X.P.D}). 
To restore the plaintext, an authorized user searches for one of the solutions of equations: 


5. =o" x (HE). 


Pah. 
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«Undisguises» the codeword, obtained in the previous step ¢, =c¢ xD~'xP™', decodes the 
obtained vector by the Berlekamp-Massey algorithm, forms the error vector according to the 
Chen procedure e’, transforms into the vector e” by multiplying the previous result of the error 
vector by disguising matrixes P, D: 


_ 7’ 
e, =e xPxD. 


Forming of the desired error vector e to convert into information vector based on a fast 
algorithm of non-binary equilibrium coding: 


e=e,+lV. 


Transformation of the vector e based on the use of non-binary equilibrium code into the in- 
formation sequence. Thus, modified Niederreiter crypto-code system is presented, which allows 
to reduce the energy capacity of the group operations by shortening symbols in the error vector 
(reducing the syndrome symbols and power of the used Galois field), to increase the entropy 
of characters of closed texts, transmitted to the communication channel and thus provide the 
required cryptographic resistance. 


4.5 HYBRID ASYMMETRIC CRYPTO-CODE CONSTRUCTIONS OF MCELIECE AND NIEDERREITER 
BASED ON DEFECTIVE CODES 


In articles [148, 149], authors considered theoretical and practical fundamentals for the 
construction of flawed codes. A flawed text is understood to be a text obtained by further defor- 
mation of the non-redundant letter codes. 

Thus, the necessary and sufficient condition for the flawed text with its meaning lost is 
a reduction in the lengths of text character codes outside of their redundancy. Consequently, 
a flawed text is of length that is less than the length of the original text, and it has no meaning of 
the original text [148]. 

Theoretical basis for constructing flawed texts is the removal of the orderliness of the original 
text characters and, consequently, a reduction in the redundancy of language symbols in the 
flawed text. In this case, amount of information indicating this orderliness will be equal to a reduc- 
tion in entropy of the text as compared to the maximally possible magnitude of entropy, that is, 
equiprobable appearance of any letter after any previous letter. 

Text redundancy will be calculated from formula: 


B(M) = B,L, = (ea : val x Ly 


0 


where I is the original text; B is the language redundancy (8 = A —r, RF is the absolute entropy 
of a language, R = logWN, Nis the alphabet power, r is the entropy of language per one character, 
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r= H(M)/L, L is the length of message M in language characters); H(/V/) is the entropy (un- 
certainty) of the message; L, is the length of message M in language characters with a meaning; 
B, is the language redundancy. 

In order to obtain a flawed text (FTC) and a damage (DCH), a «perfect» compression method 
is used after performing m cycles of damaging mechanism C., [148, 149]. 

The number of cycles required to minimize the length of the original text is equal to: 


. logn—B, 
logn 


where n is the representation power of the original text character; B, is the language redundancy; 
1 is the number of times the length of the original text in MV2 is reduced in each step (a certain 
constant coefficient). 

A quantitative measure of the effectiveness of damage is the degree of destruction of the 
meaning, equal to the difference in entropies of the flawed text and the original text in different 
intervals of length of the flawed text: 


FIC 


d=H(FIC)-SA(M)a, Ya =hs=| 2 
i=) i=) 


where /V/ is part of the original text, corresponding to the /-th interval, p, is its probability, L, is 
the length /, equal to length of L,,, of the flawed text, s is the number of intervals. For an ergodic 
source of characters for the original text: 


dx = l0GL;, — H(M,). 


Fig. 4.16 shows a block diagram of one step of the universal damaging mechanism. 
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; 


O Fig. 4.16 Block diagram of one step of the universal 
mechanism for causing damage 


In articles [28, 29], a cyclic algorithm for obtaining the flawed texts refers to the univer- 
sal mechanism of causing damage (C,,, where m is the number of cycles), which implies a ran- 
dom replacement of the bit representation of each character of the original text with a tuple of 
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a smaller or equal number of bits with their subsequent concatenation. Fig. 4.17 shows a univer- 
Sal mechanism of causing damage (algorithm MV2 (formation of a flawed text)). 

Domain of transformation determination in the MV2 algorithm — the set {0, 1}" — is con- 
sidered to be the alphabet power of certain family of original texts, which are associated with 
a certain probability distribution of the letters of the given alphabet, while the characters of the 
original text are the value of a discrete random element. 

Let X be a random discrete element that takes values x, € {0,1}" with probabilities p, and 
T =(c,f) €F’ is the arbitrary fixed transformation MV2. Then for any ye U.,, (a certain binary 
line from a set of variable-length strings) and for any 1<i<|y], the following holds: 


# x e {0,1} :e(x)= yf = #4 x e {0,1} :¢(x)= y"|. 


Then, regardless of the probability distribution of random element X, for the entropies of 
random elements FIC/FT,,, (flawed ciphertext) and CHD (damage), the following equalities hold: 


H(FTC / FT,) <log(2” —2"), H(CHD) <log(n-r +‘). 


1<r<n-— positive integer 
Input 7,7 n—alphabet power 






































Generation of random order of alphabet lenathar Donia Fi 

characters from 0 to (27) —1 symbol eae a Be 
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CFI/ CH T— ciphertext of flawed text 
CHEYCH © — ciphertext of damage 
Formation of flawed text CF7 and damage CHD | *76/F7% — damaged ciphertext 

by the concatenation of the received flags “(x7 ' | 264/D% — damage to ciphertext 


and remainder Cl / fix) — flag (damage) 
Cl) — remainder (flawed code) 





End 


O Fig. 4.17 Universal mechanism for causing damage (algorithm MV2) 
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Thus, under uniform distribution of inputs (flags) of the algorithm MVe, a uniform distribution 
of the output (remainder) forms: 


P(c, =O\0<k <|FIC / FTy,||) = 5 

An analysis that we performed on the techniques of causing damage revealed that in order 
to use in IES, the most appropriate one is the first technique — causing damage with subsequent 
crypto-transformation, which makes it possible to reduce the alphabet power in the formation of 
a cryptogram in the McEliece MCCS. The distance of singularity for the given method (expres- 
sion 1) will be transformed to: 


> (H (CHO!) + HKU) 
i=1 


07 Blog|! 


Such a system is based on the permanent distortion of damage and ensuring stability due to 
the subsequent use of the encryption based on MCCS. This leads to the impossibility to learn the 
ciphertext of the flawed text. 

Thus, the analysis we performed of the basic principles for the construction of the McEliece 
MCCS and the multichannel cryptography systems on flawed codes allows us to design hybrid 
cryptosystems based on the modified asymmetric McEliece crypto-code systems and multichan- 
nel cryptography systems on flawed codes. A distinctive difference from the «classical» approach 
to the formation of a hybrid cryptosystem is the exploitation of asymmetric crypto-code con- 
structions (that relate to secret models with provable stability) with fast crypto-transforma- 
tions (a rate of transformation is comparable to the crypto-transformations in block-symmetric 
cipher (BSC) as a key mechanism for ensuring stability (safety) of information with subsequent 
application of the algorithm MVe (a system on flawed codes) in order to reduce energy consump- 
tion (alphabet power of the McEliece MACCS) with the subsequent transmission along one or 
several channels. We shall consider practical algorithms for the formation of a cryptogram and 
decryption in the proposed hybrid cryptosystem. 

Fig. 4.18, 4.19 show the algorithm for the formation of a cryptogram/codegram in a hybrid 
cryptosystem. 

If the original text had a certain meaning, then, for such a system, flawed texts when using 
a brute force method over the entire field of encryption keys and key of damage have the only 
meaningful text equivalent to the original, provided that the length of the ciphertext exceeds the 
distance of singularity [149]. Fig. 4.20 shows the decryption/decoding algorithm of a cryptogram 
in the proposed hybrid cryptosystem. 

The algorithms proposed for the hybrid cryptosystem make it possible, when hiding the flawed 
ciphertext CFI/CH,., to improve entropy of the public key: 


H(CFT / CH,,)+ > (H (CHD”)) + H(KU;*) 


a Blog|! 
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a = degf * degCurve, 
kK=n-atg-7 


Generation of random order of alphabet 
characters from 0 to (2")—1 


Determining the values of replacement symbols 
according to the replacement table 






|| Mi | >| [4004 | + || 6001] | 


fod =n — | Cbd\, if |Cod|>r 


o 


f(x) — flag, 
CO) — remainder 


Stage 1. Setting the code parameters 


requiredProbability — preset probability of 


block distortion, 


n—total quantity of symbols in the code 


(code length), 


A— quantity of informational symbols, 
d— minimal distance of code combinations 


by Hamming, 


g— curve genus, 


degF — degree of generator function, 
degCurve — degree of curve 


Stage 2. Causing damage 












































Length of Remainder | Flag 
remainder CO) f(x) 

51 r 0" geen 

S2 (i Or] Cua 

Sa r+] etl rey 
Sig 2 ne 01 
Sal t me n=4 go”! 1 
i n—1 qm a 
S ft ty 1 r or or 
9 — or 














O Fig. 4.18 Stages 1, 2 of the formation of a cryptogram in 
a hybrid cryptosystem based on the McEliece MACCS with flawed codes 
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O Fig. 4.19 Stages 3, 4 of the formation of a cryptogram in a hybrid 
cryptosystem based on the McEliece MACCS with flawed codes 


In the case of additional hiding of the last ciphertext of damage CHD/CH, due to its smallness 
and proportionality with the flawed text ciphertext CFT/CH_, the distance of singularity can be 
further extended: 

H(CHD / CH,) + H(CFT / CH,,) + >” (H(CHD"”)) + H(KU'* ) 

U = i=1 

° Blog|!| 

Thus, a multichannel cryptography based on flawed codes makes it possible to integrate 
cryptographic systems, combining within the framework of one concept the crypto-code construc- 
tions (the McEliece MACCS) and the systems on flawed codes (FC), which, by complementing each 
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other, will ensure the required safety and reliability parameters, as well as enrich the resulting 
system with their properties. 
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O Fig. 4.20 Decryption in a hybrid cryptosystem based on the McEliece MACCS 
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Cryptographic flawed texts are texts obtained in the following ways [142, 143]: 

— Approach 71: damage to the source text with subsequent encryption of the defective text 
and/or its damage (Fig. 4.21); 

— Approach 2: damage to the ciphertext (Fig. 4.22): 

— Approach 3: damage to the source text and the ciphertext of the defective text (Fig. 4.23). 

Thus, using the approach to damage the ciphertext with the Niederreiter’s MCCC on the 
MEC, presented in Fig. 4.23 (third approach) increases throughput starting from the GF field (2%). 
This method is the best approach for building the Niederreiter hybrid MCCC for MEC. The syn- 
thesis of Niederreiter’s MEC crypto-code construction with a cryptosystem on flawed codes 
proposed by the authors allows building complex (hybrid) crypto-code structures whose stability 
is determined by the strength of two cryptosystems to ensure the implementation of fast crypto- 


transformations by reducing the field power. 
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encryption damage text 
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t KY 







O Fig. 4.21 Block diagram of building a hybrid cryptosystem based 
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O Fig. 4.22 Block diagram of the construction of a hybrid cryptosystem 
based on damage to the ciphertext (Approach 2) 
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O Fig. 4.23 Block diagram of building a hybrid cryptosystem based 
on damage to the source text and ciphertext (Approach 3) 
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Consider the algorithms for the practical implementation of the formation of a cryptogram 
and decoding based on the crypto-code design of the Niederreiter for MEC using defective texts 
and damaging the ciphertext. The encryption and decryption algorithms are shown in Fig. 4.24, 
4.25 (encryption), 4.26, 4.27 (decryption). 
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O Fig. 4.24 Algorithm for the formation of a cryptogram in 
the Niederreiter hybrid crypto-code system on flawed codes (HCCSFC) 
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O Fig. 4.25 Algorithm for the formation of a cryptogram in the 
Niederreiter HCCSFC 
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O Fig. 4.26 Algorithm for decoding the cryptogram in the 
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O Fig. 4.27 Algorithm for decoding the cryptogram in the 
Niederreiter HCCSFC 


To determine the optimal method, we analyze the ratio of the number of required additional 
operations to implement the approach to the size of the resulting outgoing data. The dependence 
of group operations implementation ACCS from the power field is given in Table 4.5, in Table 4.6 
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shows the length of the transmitted data, in Table 4.7 — the ratio of these values shows the 
coefficient of bit throughput for each additional operation. 


@ Table 4.5 Dependence of software implementation on field power (number of thousands of additional 
operations before encryption/after/amount) 


Approach 2° 2! 2! 2" 

1 1002/-/1002 3285/-/3285 6322/-/6322 11078/-/8247 

2 —/1501/1501 —/4289/4289 —/9296/9296 —/15908/15908 

3 992/1487/2479 2952/4428/7380  95/793/8690/14483  10086/15130/25216 


@ Table 4.6 The length of the transmitted data in bytes 


Approach 2 2! 2! 2" 

1 900902 902403 1642357 23/4489 
2 379298 667029 1072313 1652979 
3 627533 1044069 1868102 2716713 


@ Table 4.7 Number of bits per additional operation 


Approach 2 2! 2! a" 

1 2.0E-04 4.55E-04 4.812E-04 4.341E-04 
2 4.999E-04 8.038E-04 10.836E-04 12.03E-04 
3 4.938E-04 8.836E-04 9.691E-04 11.602E-04 


4.6 CONSTRUCTION OF METHODS OF STRICT AUTHENTICATION ON THE BASIS OF CRYPTO- 
CODE CONSTRUCTIONS OF MCELIECE AND NIEDERREITER 


Two-factor authentication or 2FA is a user identification method in a service where two 
different types of authentication data are used. The introduction of an additional level of security 
provides better protection for your account against unauthorized access. Using this type of 2FA, 
the user enters personal password at the first authentication level. The next step, he must enter 
the OTP token (OTP — One-time Password Algorithm), usually sent via SMS to his mobile device. 
The OTP will be available only to those who, as supposed in theory, entered a password, inaccessi- 
ble to unauthorized persons [125, 134, 135]. General classification of multi-factor authentication 
methods is shown in Fig. 4.28 [135]. 

The analysis [134, 135, 150-152] of multifactor authentication methods showed the follow- 
ing main advantages and disadvantages: 

— The advantages of the methods based on SMS notification are generation of the OTP code 
every time you log in and transmission through an additional channel, interception of the user's login 
and password in the main channel will not lead an attacker to client banking information. Binding 
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of the OTP password to the customer's phone number. The main disadvantages are that the use 
of mobile open channel does not allow to ensure the confidentiality of the OTP code, using only 
cellular channels leads to a «loss» of two-factor authentication. There is a theoretical possibility of 
substitution of numbers the help of an operator or employees of mobile phone shops. 

— The use of methods with applications-authenticators (QR Codes) allows you to have multiple 
accounts in a single authenticator and generate a primary key, there is no need to use a cellular 
communication lines, the generation of OTP passwords based on the cryptographic algorithms. 
The main disadvantages are the use of an authenticator on the device of entrance leads to the 
«loss» of two-factor authentication, an attacker access to the primary key of the user leads to 
the authentication system cracking. 

— Checking login via a mobile application allows you to automate the authentication process 
without user interaction, based on verification of the personal authentication key on the mo- 
bile application. The main disadvantages are: the loss/disclosure of the private key results in the 
authentication system cracking, the possibility of receiving SMS messages by synchronization 
between the iPhone and the Mac, the use of the authenticator on the device; of entrance leads 
to the «loss» of comprehensiveness. 

— The physical (or hardware) tokens are the most reliable method of two-factor authentica- 
tion. Most often, they are presented in the form of a USB stick with its own processor, gene- 
rating cryptographic keys, which are automatically entered when you connect to a computer. The 
advantages are the absence of the need to use of additional mobile applications, software, tokens 
are completely independent devices. Disadvantages include multiple accounts lead to «binding» of 
tokens, not supported by all applications. 

— Backup keys are the fall-back option in case of loss/theft of the smartphone, which receives 
one-time passwords or verification codes. Loss/theft of the backup key leads to the destruction 
of sensitive authentication system. 

— Barcodes of Passwindow system provide unique static images of the sequence of symbols 
generated dynamically by the authentication server without the use of cryptographic algorithms. 
Any interference or tampering with the bar code is passively presented to the user in the form of 
combinations in a template that do not match the expectations. A significant disadvantage is the 
possibility of selecting a unique card barcode, proposed in [135]. 

— Using of biometrics as a secondary identification factor is performed by identifying the phy- 
sical characteristics of a person (fingerprint, iris, etc.). The advantages of the methods include the 
use of a person’s unique physiological characteristics, the absence of additional mobile applications 
and software. A significant disadvantage is the specific requirements for software and hardware 
devices of reading the user’s biometric data. 

Thus, multi-factor authentication systems based on one-time e-mail- or SMS-passwords and 
different types of tokens are generally used in automated banking systems. To ensure confidentia- 
lity of OTP codes, transmitted by the bank, in the remote banking standard, it is necessary to use 
the encrypted and operator-independent channel of their delivery. This approach is not affected by 
the majority of known threats, except for social engineering, exploiting the human factor. 

Fig. 4.29 shows a synergetic approach to the classification of multi-factor authentication 
threats. The synergetic model [125] of threats to banking information provides necessary and 
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sufficient conditions for the development of a new methodology aimed at achieving synergies in the 
field of security of public and private banking protection systems. 
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O Fig. 4.28 Classification of multi-factor authentication methods 


Thus, there is a need for additional means to ensure the confidentiality of information trans- 
mission in cellular communication systems. 

Identification of SWS systems or multi-factor authentication systems based on mobile phones 
is wrong, 4 more precise term is an «out-of-band» authentication. However, with the spread 
of GSM, smartphones and tablets connected to the network, even this security advantage can 
be lost if the user transaction authentication is performed on the mobile device. In addition, 
the growth of unwanted software for mobile devices now allows an attacker to gain access to 
authentication codes sent via SMS not only through the traditional interception with the help of 
malicious software. Experts explain their decision by the fact that the SMS security faces new 
challenges with the introduction of VoIP services. Some of these services allow to hack the SMS 
system. NIST recommends developers to validate the use of VoIP connections before applying the 
SMS-based two-factor system. SMS protocol is considered unsafe [129]. The analysis of Internet 
attacks on multi-factor authentication schemes with SMS messages and advantages of crypto- 
code systems make it possible to improve the-multi-factor authentication scheme to enhance 
reliability and validity of the generated authenticator. 
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For this, a bank card (BC) must keep the following data elements [134]: 

1. Certification authority public key index — since a terminal can work with multiple CAs, this 
value specifies which of the keys should be used by the terminal when working the given card. 

2. Issuer public key certificate signed by the appropriate certification authority. 

3. BC public key certificate is signed by the issuer and is based on the McEliece MCCS. 

4. Issuer public key modulus and exponent. 

9. BC public key modulus and exponent. 

6. Banking card private key. 

The terminal, that supports the multi-factor authentication scheme, must keep the public keys 
of all CAs and associated information relating to each of the keys. 

The terminal must also be able to select the appropriate keys on the basis of the index (1) and 
some special identification information. 

To support multifactor authentication, user banking card (BC) should have a personal key 
pair (public and private authenticator keys). The BC public key is stored on BC in its public key cer- 
tificate. Each BC public key is certified by its issuer, and a trusted certification authority certifies 
the issuer public key. This means that to verify the authenticator card, the terminal must first 
verify two certificates in order to restore and authenticate the BC public key, which is then used 
for the BC authenticator verification. 

The process of the proposed authentication consists of four stages: 

— stage 1. Restoring the certificate authority public key by the terminal. The terminal reads 
the index (1), identifies and retrieves the certificate authority public key modulus — disguising 
matrix (X, P, D), curve equations for algebrogeometric code (AGC), and associated information, 
stored in it,-selects the necessary algorithms; 

— stage 2. Obtaining an initialization vector (secret «places» in the error vector — shortening 
bits) from the issuing bank. Forming the OTP code (error vector based on the Niederreiter modi- 
fied crypto-code constraction (MCCC)): 

— stage 3. Forming an authenticator on the basis of using the McEliece MCCS. Obtaining 
a codeword (an authenticator) based on the use of the crypto-code system by adding the received 
codeword with a session key: 

— stage 4. Finding the multiplicity of the error vector and the comparison with the obtained 
one. The structure of the proposed method of two-factor authentication based on the Nieder- 
reiter — McEliece MCCC is shown in Fig. 4.30. 

In the authors’ opinion, the significant advantage of using this multifactor authentication 
scheme is providing of required cryptographic resistance and reliability indexes of transmitted 
transactions with the use of Niederreiter — McEliece modified asymmetric crypto-code systems. 
The proposed mechanisms to ensure privacy: the transfer of SMS messages via cellular mobile 
communication channels with the Niederreiter MCCC (ensures the privacy of the OTP code) and 
the use of the McEliece MCCC in ABS digital channels (provides the OTP password transmission 
accuracy and confidentiality) would physically separate channels used for generating the banking 
transaction authenticator. 

Using the session key at each transaction, the physical separation of the authenticator data 
transmission channels, scalability of the software module by changing the Niederreiter — McEliece 
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MCCC parameters, depending on the error rate in the used ABS communication channels will 
allow physical separation of transmission of the OTP-code of composite authenticator by the use 
of the two MCCC schemes in different communication channels and the required level of the 2FA 
protocol security in electronic banking applications. 
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The proposed advanced method of strict two-factor authentication with OTP passwords based 
on McEliece and Niederreiter crypto-code systems allows eliminating the main disadvantage of 
the protocol 2FA — the transfer of individual authentication tokens via open mobile communication 
channels. For this purpose, crypto-code systems on flawed codes providing the required safety 
indices on the basis of encryption using the Niederreiter/McEliece asymmetric crypto-code sys- 
tem, the rate of crypto-transformations at the level of block cryptographic algorithms and the 
provision of data transmission with direct error correction have been proposed. This approach 
can be implemented in modern mobile and desktop applications using the protocols of GI and/or 
mobile networks. 

A schematic block diagram of practical implementation of the proposed hybrid CCS (HCCS) on 
flawed codes is shown in Fig. 4.31. 

Assessment of the cryptographic strength of the proposed HCCS on flawed codes. 

To assess the cryptographic strength, we use the entropy method proposed in [122]. 

The proposed hybrid cryptosystem is comparable in stability with the second method of 
damage — damage to the ciphertext considered in [143, 144]. In this case, we have a set of 
flawed ciphertexts and damages, all individually not corresponding to the original meaningful text. 
With a complete set of flawed ciphertexts and all damages, the unicity distance increases due 
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to additional keys of damage to the ciphertext. Thus, additional encryption provides an increased 
unicity distance: 


H(H®)+H(X,")+H(P,)+H(D,)+H(G%)+H( Xi) + H(Py.) + 


+ H(Dye) + 2H ((Kiney) +H(K))* 2H (King) +H(K5) 


i=1 j= 


Yo= 








, (4.4) 


where U, is the unicity distance, H®, X<’, P,, D, is the private key in the Niederreiter MCCS, 
GE, xe, P.» U,,, is the private key in the McEliece MCCS, Kis is the key in the Niederreiter 
HCCS on flawed codes, Kiyvo,, ‘8 the key in the McEliece HCCS on flawed codes, |/| is the number 
of meaningful texts, B is the number of texts, m is the number of damages. 
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O Fig. 4.31 Schematic block diagram of practical implementation of HCCSFC 


Expression (4.4) makes it possible to evaluate the stability of the proposed McEliece and 
Niederreiter hybrid crypto-code systems on flawed codes. 


47 THE USE OF ASYMMETRIC CRYPTO-CODE STRUCTURES IN THE SECURITY CONCEPT 
OF AN INNOVATIVE ACTIVE UNIVERSITY 


The new paradigm fundamentally changes the culture of responsibility and the value system 
of a university as evidenced by the spread of managerial approach and the use of the principle of 
value for money in higher education systems around the world. Competitiveness and relevance of 
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the university's existence are assessed mainly in accordance with its contribution to the economic 
development of countries and humanity as a whole. To adapt to the new paradigm, some adapta- 
tion is required — the adaptation of the university's relations with the surrounding society/core 
Stakeholders, the adaptation of its internal processes, core values, and finding new innovative 
foundations for its development in today’s environment. Fig. 4.32 shows the relationship between 
management processes and the main functions of an innovative and active university, taking into 
consideration the development of e-education. 
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O Fig. 4.32 Scheme of the interconnection of management processes 
and the main functions of an innovative and active university 


The functioning safety of an innovative university is implemented at the following levels: 

— at the strategic level — university authorities — the creation of conditions for the impossi- 
bility of making corruption changes in the guidelines on the organization of the educational pro- 
cess, providing basic public and communication services of the university's activities, conditions 
of students’ life and transparency of rendering educational services. Ensuring effective control of 
keeping to the academic schedule at the university's faculties; 
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— at the operational level — faculty authorities, departments, and services involved in the 
system of service delivery — prevention of corrupt changes in the objectivity of students’ assess- 
ment in the process of learning, accruing scholarships (grants, etc.). Organizing exams throughout 
the entire cycle of the educational process, creating conditions for effective monitoring of the 
implementation of the academic schedule for the specialities of a faculty, preventing corruption in 
departments and services of a university: 

— at the tactical level — heads of departments — rising the level of objectivity of students’ as- 
sessment in certain disciplines, creating the conditions of transparent students’ choice of academic 
disciplines from the unit of an elective component of the educational process. Creating conditions for 
effective monitoring of the implementation of the academic schedule by teachers of departments. 

The concept of security and corruption counteraction is presented in Fig. 4.33, a—c. 

Fig. 4.34 shows the variant of the block diagram of corporate information and education 
system (CIES) of an information active university, taking into consideration the basic functions 
of information resource (IR) management and security (IR IIAS) in the face of hybrid threats and 
possible corruption schemes. As a rule, CIES is formed based on web technologies that make it 
possible to meet the requirements of informativeness, openness, and accessibility to IR of CIES. 

Therefore, in addition to ensuring the authenticity of the KCC-based IR of CIES, it is proposed 
to use commercial implementation of the crypto-code designs by McEliece and Niederreiter to 
ensure IR confidentiality and integrity. This approach will ensure not only the required level of 
crypto resistance under conditions of the emergence of a full-scale quantum computer, the speed 
of crypto-transformations at the level of block-symmetrical ciphers, reliability, but also counter- 
action to cyber book-marks based on encryption standards [135, 136]. The basics of practical 
construction of crypto-code designs by McEliece and Niederreiter on modified elliptical codes and 
flawed codes are considered in papers [153, 154]. 

Thus, the proposed approach to providing basic security services makes it possible to ensure 
the required level of security of the IR of CIES and to counteract modern cyber threats, both 
external and internal. 

The conceptual synergistic security model of CIES (corporate information and educational 
system) of the IAU is based on particular models: advanced models of the CIES infrastructure and 
of an attacker, a synergistic threat model that makes it possible to assess security level. 

The improved model of the CIES infrastructure is described by the model: 


Ca tO been {I} }, (4.5) 


where {0%} is the set of environment objects describing the elements of the KIO infrastructure 
and their belonging to the levels of ISO/OSI model, {L°*} is the set of relations between the ele- 
ments of the infrastructure, determined by the adjacency matrix: 


Abies _ CIES 


U] 














{/,} is the set of elements of information assets. Each element /, e{/,} is described by 
vector |, = (Type,A’,A', A’, A’), Type is the type of information assets, described by the set 
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of basic values Type={PID, StO, Ol, Yl, PD, S!}, where PID is the payment documents, St0 is 
the statistic reports, O/ is the public information, Y/ is the management (regulatory information), 
PD is the personal data of CIES users, S/ is the scientific information (know-how). 
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O Fig. 4.33 Concept of corruption counteraction: 
a — strategic level; b — operational level; c — tactical level 
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— keeping an electronic register of academic performance; 
— formation of performance statements; 
— attendance control: formation and ensuring users’ 


— formation of statistic data to analyze the education quality authorization safety 
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O Fig. 4.34 A variant of the block diagram of CIES of an innovative 
and active university 





A’ is privacy, A’ is integrity, A“ is authenticity, accessibility, A* is continuity — the information 
properties to ensure. They accept the value of 1 if a property is necessary, O — otherwise. 


151 


SYNERGY OF BUILDING CYBERSECURITY SYSTEMS 


Each element 0, < {0 |, is described by vector 0, ={Y"°,/0}, where Y°* is the level of 
information structure hierarchy, determined by set Y““°={FL, NL, OSL, DBL, BL}, where FIL is 
the physical level, NL is the network level, OSL is the level of operation systems (0S), DBL is the 
database management level, BL is the level of technical applications and servers. The following rule 
is used to indicate the type of connection and existing relation /O" between information assets and 
environment objects: 


10" = ||107, (4.6) 


where /07' displays the existence and the type of relations between the /-th information asset and 
the /-th environment object. In this case Vie {/,}, and Vl ¢ {0°}: 


0, no connection: 

ig - 1 includes and stores: 
' ~~ | pt, processes and transfers: 

So, maintains functioning. 


The synergistic model of threats can be formally presented as: 


res = {OF}. }.{To} {T,} (UH an 


The set of the sources of CIES safety threats is represented by the tuple DF*" = ae Ve ts 
in which V"* is the class of natural threat sources, V*° = \v“s Ve \ is the class of anthro- 
pogenic threats, where “°° is the set of threats to cyber safety, V“ is the set of threats to 
information security, V“*' is the set of threats to the safety of information. T.,., is the qualitative 
risk indicator, 7, is the set of basic terms of probability of implementation of at least one threat to 
the j-th asset, /,, is the set of basic terms of the magnitude of damage from the implementation 
of threat u,, VH is the set of destructive states of the elements of the CIES infrastructure, which 
imply an undesirable and unplanned state of the CIES element, in which it got as a result of the 
implementation of one or several threats. 

In order to have a synergistic effect of increasing the information security level, it is necessary 
to take into account the complexing of threats: 


DFE = \vsk U i? 

where 
ys = yAcs a yas la yy 4s! (4.9) 
a th a ca La ca 


where each element of the set of threats DF < ;OP can be represented by the following vec- 
tor of values of DFT, 7,, Pr, Pox), where Tis the time of successful implementation of a threat, 


T, is the set of basic terms of probability of implementation of at least one threat to the j-th asset, 
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pr, is the probability of implementation of at least one threat to the j-th asset, / is the threat, 
Vi en, nis the number of threats, / is the information resource (asset), Vj € m, mis the number 
of assets: r,,.;, is the probability of attacker’s motivation to implement a threat. 

However, the estimate of the probability of implementation of the j-th threat to the j-th 
asset will be determined taking into account the relations between the threat sources and CIES 
elements, which is assigned by matrix A” = lay". dimensionality n on m, where n is the number of 
threats, mis the number of assets. For each /-th threat to the j-th asset, we determine the prob- 
ability of implementation of pr; based on accumulated statistic data, characteristic of the given 
region and operation conditions (in the quantitative and/or qualitative form) or in an expert way. 

The probability of the implementation of at least one threat to each asset is calculated ac- 
cording to the following formula: 


p,='~[]|(1~ on} (4.9) 


where p, is the probability of implementation of at least one threat to the j-th asset. 

It is supposed that in case of implementation of at least one threat from set V* = 
= vs Dae a \ to the j-th asset, the damage is equal to the cost of the asset based on detail- 
ing the assets and through the selection of actual threats: 


It is believed that threats can be implemented independently of each other, then the price of 
risk A, for each j-th asset is determined from the following formula: 


Ri = pr, Xq;. (4.11) 
The full cost of risk is equal to the sum of costs of risk of all assets: 


Ru = dB. (4.12) 
j=1 


Thus, the probability of implementation of environment p,, with the region of determining 
P=[0, 1] will be assigned by the set of basic terms 7,={non-implemented, minimum, medium, 
high, critical} = {0,,, O,, Og, Obyg, OLs }. 

The formal improved model of an attacker will be determined taking into consideration the 
proposals in papers [4, 34], in which the categories and actions of attackers are determined as: 


= {ald Ty» Spex, PU Men Vien, Viem, (4.13) 


where aid. e {aid} is the attacker's identifier, 7,, is the time of successful implementation of 
a threat, S_, is the probabilistic damage of a system, pr, is the probability of implementation of at 
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least one threat to the j-th asset, / is the threat, Vi <n, n is the number of threats, / is the infor- 
mation resource (asset), Vj ¢ m, m is the number of assets; r,,,,, is the probability of motivation 
of an attacker to implement a threat. 

To assess threats, we use a set of sources of threats, which include the sources of four types: 


DF&s — 1v"",vs,TS,PI, Nit. (4.14) 


where TS is the technical means and systems; P/ is the deliberate attackers; N/ is the non-delib- 
erate attackers (offenders). 

Thus, the proposed model makes it possible to take into consideration the complexing of 
threats, their synergy and hybridity, to form preventive measures based on the analysis of crucial 
threats and critical points in the CIES infrastructure. 

Investigation of the properties of McEliece NCCS at EC and modified McEliece CCC at MEC. 
Let us estimate the parameters of asymmetric code-theoretic schemes using elliptic codes. Let 
us introduce the following notation: 

—/,—the length of the information sequence (block) arriving at the input of the code-theoretic 
scheme (in bits); 

—/, — public key length (in bits); /,, — private key length (in bits); 

— /, — length of the codogram (in bits); 0, — the complexity of the formation of the codo- 
gram (the number of group operations); O., —c falsity of codogram decoding (number of group ope- 
rations); O,, — the complexity of solving the analysis problem (the number of group operations): 
K, — residual compression ratio; K; — flag compression ratio; s — number of pieces of flawed text; 
u(n), v(r) — positive flawed key numbers; z(m) — rounds of flaw; L, — source text length; /,,;— the 
length of the flawed text. 

To construct the graphs, the following conditional abbreviations (prefixes) were used: 
ukh/udh — hybrid CCC with shortened MEC/hybrid CCC with elongated MEC; uk — MCCC with 
shortened MEC; ud — MCCC with extended MEC. 

When calculating the parameters of cryptosystems, Galois fields were used: for McEliece 
code theotretic scheme (CIS) — GFl2""); for MCCC with shortened/extended MEC — GF{2°): 
for hybrid CCC — GF(24). 

Let us carry out a comparative analysis of the parameters of the McEliece asymmetric code- 
theoretic scheme (ACTS) using EC, with the parameters of the modified McEliece MCCC on the MEC. 

To estimate the length of the information sequence (in bits) arriving at the input of the MCCC 
with an algebraic (n, k, d)-code over GF(2”), we use the expressions: 

— for ACTS on the EC: |=kxm: 

— for MCCC on shortened MEC codes: |)=‘1/2kxm; 

— for MCCC on extended MEC codes: |= kxm. 

The complexity of decoding the codogram is determined by the expressions: for ACTS on 
the EC: 0.,=2xn? +k? + 4t? + (t? +£-2)°/4:; 

— for MCCC on shortened MEC: 


Oy =2(2Vq +4-+1-V/2k) + 2k? +40? + (0246-2) [A 
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— for MCCC on extended MEC: 
0,,=2 «(2/9 +9 +1-1/2k+ 2k) + k* + 4t* +(t? +t -2) /4. 


The complexity of solving the problem of analysis (decoding) is given by the expressions: for 
ACTS on EC: 


O, =N nx, 


K+ coverings 


where 


ha n(n—1)..(n-p-t-1 
Nisan CPt = ee t= [(d -1)/ 2 |. 


The potential resistance of the cryptosystem is determined by the value pxt, and the noise 
immunity of the system — (1—p)xt. For MCCC on shortened codes: 


Die = N cetie (2/4 +q+1-/2 k) xP" 
— for MCCC on long codes: 


Oy. = Neoverings * (2/0 +q+1-Vek+ /2k) xP, 
Table 4.8 and Fig. 4.35 shows the dependence of the complexity of cracking and the complex- 
ity of coding for various EC rates (MEC). 
Table 4.9 and Fig. 4.36 shows the dependences of the volume of open key data for various 
indicators of durability. 


@ Table 4.8 Pivot Chart of Hack Difficulty and Coding Difficulty for Various EC Baudrates 


Ig(/,) 0.5 0.75 0.5(ud) 0.75(ud) 0.5(uk) 0.75(uk) 
1 4.79 12.1 15.6 18.23 19.12 19.82 
2 10.52 21.76 32.47 39.67 38.63 39.18 
3 18.22 33.17 43.79 01.61 96.88 98.03 
A 21.42 01.75 09.43 72.81 792 80.52 
o 38.77 61.09 68.26 87.32 94.91 104.56 
6 04.13 78.37 101.72 112.46 120.83 128.78 
/ 82.14 83.72 196.75 164.72 182.39 189.74 
8 165.84 17913 223.64 231.97 eae? 287.33 
a 398.33 371.09 421.97 428.63 459.81 476.92 
10 672.37 684.94 716.41 722.26 783.46 794.28 
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—R2=0.75 


R1=0.5(ud) 
——R2=0.75lud) 
—R1=0.5(uk) 
—R2=0.75Cuk) 





O Fig. 4.35 Summary diagram of hacking complexity and coding 
complexity for different EC rates (MMEC) 


@ Table 4.9 Dependencies of the volume of open key data for various indicators of durability 


as) 0.5 0.75 0.5 (ud) 0.75 (ud) 0.5(uk) 0.75 (uk) 
9 30 87 240 602 968 799 

20 22/8137 4351076 926137 987234 1034682 1897092 
39 12329538 14097276 4253109 3237688 6126273 6832018 
90 22941273 77520337 43076332 60122407 8602376 7027160 


1E+09 
100000000 
10000000 
1000000 




















—=A1=0.5 
100000 ae 191) 75 

40000 R1=0.5(ud) 
—~R2=0.75(ud) 

mee —R1=0.5(uk) 
100 — R2=0.75(uk) 
10 

1 


0 35 10 15 20 25 30 35 40 45 30 
Ig(Ik+) 




















O Fig. 4.36 Dependencies of the volume of open key data for various 
indicators of durability 
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Analysis of the presented results Table 4.10 clearly demonstrates how the increase in the 
relative data transmission rate is obtained: the volume of key data in systems based on short/long 
codes is half that of a conventional NCCS. 

Table 4.10 shows the results of studies of the capacitive characteristic for software imple- 
mentation on the field power. 


@ Table 4.10 Dependence of the software implementation speed on the field power (the number of group 


operations) 

Cryptosystems 2° 25 2! 25 2° {0 

CCC McEliece on EC 10018042 18048068 32847145 47489784 63215578 82467897 
MCCC McEliece on 10007947 177874381 28595014 44079433 61974253 79554764 
shortened IMEC 

MCCC McEliece on 11156138 18561228 33210708 48297112 65171690 84051337 
extended MEC 


The resulting Table 4.10 shows the number of group operations of the software implementa- 
tion of the CCC, depending on the field strength. It can be seen that if for the implementation of 
McEliece CCC in field GF(2"°), 82.5x10° group operations are required, then the implementation 
of MNCCS on shortened/extended MECs in field GF(2°) requires 17.7 — 18.610® group opera- 
tions, i.e. 4.9 times less. 

Let us carry out a comparative analysis of the parameters of McEliece MCCC on MEC (shorte- 
ned/elongated) and with the parameters of HCCCFC on the basis of McEliece HCCCFC on MEC. 
The length of the information sequence (in bits) arriving at the input of the cryptosystem with 
the CC is determined by the following expression: for hybrid crypto-coded construction on flawed 
code (HCCCFC) on shortened codes: 


Jarl, 


where /? =K, xL+1/K, xs — the length of the flawed text; /’ =L+uxs — damage length; 
S= (Ly — ae eel — number of pieces of damaged text, K, = 1—K, =~ 0.798 — compression ra- 
tio of the remainder (defective text) (while u=8, v=3, z=9); K, = (2 — ae") ly = 0.242 — flag 
compression ratio (damage) (while u=8, v=3, z=5); z= (log(u x L) -7) /log(1/K,) — required 
to randomize the MVe cipher, the number of conversion rounds allowed. For HCCCFC on exten- 
ded MEC: | =1/2kxm+lo +1. 

Table 4.11 and Fig. 4.37 shows the results of studies of the complexity of the formation of 
a cryptogram in various GF(2”). 

The length of the codogram (in bits) is determined by the expressions: for HCCCFC on shorte- 
ned MEC: 


I, = (2g +q+1-1/2k}xm 


197 


SYNERGY OF BUILDING CYBERSECURITY SYSTEMS 


for HCCCFC for extended MEC: 


I, = (2g +9+1-1/2k + 1/2k) xm 


Table 4.12 and Fig. 4.38 shows the results of studies of the complexity of decoding a cryp- 
togram in various GF(2”). 


@ Table 4.11 Dependence of the complexity of the formation of a cryptogram in various GF(2”) 


GF(2") re 
0.5(ud) O0.75(ud) 0.5(uk) 0.75(uk) = O.5(udh) = 0.75(udh) = 0.5(ukh)  0.75(ukh) 

3 242 603 817 968 643 780 923 998 

4 760 980 2140 6282 905 1085 1563 9125 

9 2241 6121 8706 11461 1863 2450 6137 8282 

6 6348 9830 10722 60760 6273 7016 9183 10341 

/ 17092 961751 83000 210170 16582 15985 16563 16925 

8 67016 105265 207422 605005 65278 65450 66137 68282 

a 98765 9310780 710920 1018079 95327 96037 97134 97841 


1E+09 
100000000 


10000000 — R2=0.75(ukh) 


1000000 — R1=0.5(ukh) 


100000 —R2=0.75(udh) 
10000 —R1=0.5(udh) 
1000 — R2=0.75(uK 
‘an R1=0.5(uk) 
a —R2=0.75lud) 
—R1=0.5lud) 





O Fig. 4.37 Dependence of the complexity of the formation 
of a cryptogram in various GF(2”) 


Analysis of the Table 4.11, 4.12 and Fig. 4.37, 4.38 showed that the use of defective codes 
and a further decrease in the power of the Galois field leads to a significant decrease in the com- 
plexity of the formation (by about 12 times) and decoding (by about 20 times) of the cryptogram. 
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@ Table 4.12 Dependence of the complexity of decoding a cryptogram in various GF(2”) 


GF(2") ee 
0.5(ud) =0.75(ud) §=0.5(ukK) =0.75(uk) = 0.5€udh) = 0.75(udh) =0.5(ukh) =(0.75(ukh) 

1 78 81 82 96 148 153 1568 1621 

Z 456 457 457 906 835 897 5) (2 9624 

3 1024 1168 1280 9127 1240 1307 12283 14817 


A 7672 8232 11028 23674 g224 11937 34673 225017 
9 21073 42082 78634 27/7830 12348 25597 95088 8 1246572 
6 103862 281472 760553 3220573 123548 127137 1316373 4383507 


100000000 
10000000 
1000000 — R2=0.75(ukh) 


100000 — R1=0.5Cukh) 


— R2=0.75(udh) 
—R1=0.5(udh) 
1000 — R2=0.75(uK) 
R1=0.5(uK) 
— R2=0.75(ud) 
—R1=0.5(ud) 


10000 





O Fig. 4.38 Dependence of the complexity of decoding a cryptogram 
in various GF(2”) 


The complexity of solving the problem of analysis (decoding) is defined by the expressions: 
for HCCCFC on shortened MEC: 


0,.=N x (2/9 +9+1- 2k) xr +N, or (N,.), 


+ ° coverings 


where N, = (K,'/are" x|F|, K,=97/128, |F| —total length of output flags (damages) (bits) — 
with the remainder known to the attacker (damaged text) and given flags (damages), with an 
unknown key — N, = 2'?, z2=16; for HCCCFC for extended MEC: 


+ °~ coverings 


0,,=N «(2/9 +9 +1- 2k + 2k) xr +N, or (N,.). 
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Table 4.13 and Fig. 4.39 shows the results of studies of the complexity of cracking and the 
complexity of coding for different rates A in different GF(2”). Table 4.14 and Fig. 4.40 shows 
the results of studies of the dependence of the volume of open key data of HCCCFC per month for 
various indicators of persistence. 


@ Table 4.13 The complexity of cracking and the complexity of coding for different rates R 


Ig(/,) 


Oo oer wo ro —> 


0.5(ud) 
19.6 
32.47 
43.79 
09.43 
68.26 
101.72 





O Fig. 4.39 Summary diagram of the complexity of cracking and 


0.75(ud) 
18.23 
39.67 
01.61 
72.81 
87.32 
112.46 


0.5(uk) 


18.72 
38.63 
06.88 
Tispele 
94.91 
120.83 


0.75(uk) 
19.82 
39.18 
98.03 
80.52 
104.56 
128.79 


0.5(udh) 
7.21 
21.46 
31.68 
41.172 
96.63 
72.32 


0.75(udh) 0.5(ukh) 
oN 12.54 
23./2 27.48 
33.83 37.38 
42.27 47.48 
08.91 62.86 
74.79 89.5 


the complexity of the coding of the HCCCFC for different rates of the MEC 


——R1=0.5ud) 

——R2=0.75(ud) 
R1 =0.5(uk) 

~~ R2=0.75Cuk) 


0.75(ukh) 
14.56 
29.82 
38.43 
08.23 
66.53 
97.71 


—R1=0.5(udh) 
—R2=0.75(udh) 
— R1=0.5(ukh) 
— R2=0.75(ukh) 


@ Table 4.14 Dependences of the volume of open key data of the HCCCFC for various indicators of durability 


Ig(/,,) 0.5ud) 
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20 
35 
90 


240 
926137 


0.75 (ud) 
602 
987234 


0.5 (uk) 
968 
1034682 


0.75 (uk) 
799 
1897092 


4253109 5237688 6126273 6832018 
43076332 60122407 8602376 7027160 


160 
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421108 
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95019 
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O Fig. 4.40 Dependences of the volume of open key data of the HCCCFC 
for various indicators of durability 


Table 4.15 shows the results of studies of the capacitive characteristic for software imple- 
mentation on the field power. 


@ Table 4.15 Dependence of the software implementation speed on the field power (the number 
of group operations) 


CCC 2" 2° 25 2! 2° 25 a 

CCC shortened MEC 8293075 10007947 17787431 28595014 44079433 61974253 79554764 
MCCC on extended MEC 398506422 11156138 18561228 33210708 48297112 65171690 84051337 
HCCCFC on extended MEC 5612316 7900315 14892945 25565274 42279183 58963778 76564173 


HCCCFC on shortened MEC 5942627 7905257 14682411 25595014 42116327 58468143 75474764 


As in the study, MCCC received a significant decrease in open key data for the HCCCFC, which 
leads to a total increase in the relative transmission rate. 

A natural continuation of our research, obviously, should be testing the statistical charac- 
teristics of the proposed crypto-code structures in order to obtain objective traditional data on 
cryptographic strength. 

To carry out statistical studies of the stability of the cryptosystems under study, we will use 
the NIST STS 822 package [155]. 

The research results are presented in Table 4.16. 

Table 4.16 demonstrates that, despite the decrease in the Galois field power to GF(2°) 
for MCCC and GF(2*) for HCCCFC, the statistical characteristics of such crypto-code con- 
structions turned out to be at least no worse than the traditional McEliece CTS on GFl2"°). 
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All cryptosystems passed 100 % of the NIST tests, and the best result was shown by the 
HCCCFC at shortened months: 1595 out of 189 tests passed at the level of 0.99, which is 82 % 
of the total number of tests. At the same time, the traditional McEliece CTS on GF(2'°) showed 
149 tests at the level of 0.99. 


@ Table 4.16 Statistical security research results 


The number of tests in Thenumberoftests The number of tests 
which more than 99 % — in which more than in which less than 


Algorithm of the sequences passed 96 % ofthe sequen- 96 % of the sequences 
testing ces passed testing passed the test 

CTS McEliece EC 149 (78,83 %) 189 (100 %) 0 (0 %) 

MCCC McEliece on 151 (79,89 %) 189 (100 %) 0 (0 %) 

shortened IMEC 

MNCCS McEliece on 152 (80,42 %) 189 (100 %) 0 (0 %) 

extended MEC 

HCCCFC on McEliece on § 153 (80,95 %) 189 (100 %) 0 (0 %) 

extended MEC 

HCCCFC on McEliece on = 100 (82 %) 189 (100 %) 0 (0 %) 

shortened IMEC 


The conducted studies of the proposed modifications of the crypto-code structures of 
McEliece and Niederreiter allow us to consider the synergy of their application to provide basic 
security services. The used noise-resistant algebraic geometric codes provide the required 
level of reliability (P.)..,.=10°-10-'7), the formed asymmetric systems provide the level of 
cryptographic resistance (10°° elementary group operations), which in the post-quantum period 
allows their use in post-quantum security protocols. The encoding/decoding rate in the proposed 
modified crypto-code constructions is comparable to the rate of crypto-transformations in 
symmetric cryptoalgorithms with a key length of 2'-8—2°°", which in the post-quantum crypto- 
period is twice as fast as the BSW of post-quantum cryptography (key length 2°'*). The use of 
defective codes in modified CCCs allows the formation of hybrid CCCs of McEliece and Nieder- 
reiter, in which the approach to constructing such systems is fundamentally different (ensuring 
symmetric cryptography provides cryptographic strength). 

In Fig. 4.41 presents a block diagram of synergy based on the use of the proposed CCCs 
on MEC/flawed codes. 

The use of flawed codes in hybrid McEliece and Niederreiter CCCs significantly (20 times) 
reduces the energy capacity of the practical implementation of the proposed encoding/decoding 
algorithms. This approach expands the range of use of the CCC to ensure the safety, reliability 
and efficiency of information resources in the post-quantum period, in the protection systems of 
critical infrastructure facilities. 
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O Fig. 4.41 Structural diagram of the synergistic effect of using McEliece 
and Niederreiter CCC on MEC/flawed codes in post-quantum security protocols 


Thus, the use of modified CCC (hybrid) crypto-code constructions of McEliece and Nieder- 
reiter on modified elliptic codes (shortened/extended) in systems with defective codes provides 
the required level of security with minimal energy costs (construction of CCC over the field GF(2*) 
in a wide range of standards for information transmission channels, storage of information re- 
sources, formation of special security mechanisms: encryption, authenticity, integrity, digital sig- 


nature — all this allows us to assert that crypto-code constructions provide the synergy of building 
security systems. 
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CONCLUSIONS 


1. The main types of models used in modeling the behavior of intelligent agents was discussed. 
The use of models of different classes together with the consideration of various aspects of the 
behavior of agents in conditions of cyber conflict makes it possible to obtain a synergistic effect of 
the proposed modeling methodology. The originality of the approach associated with the introduc- 
tion into consideration of the concept of the contour of business processes as an integral object 
to be protected. Consideration of the business processes loops of the organizational and techno- 
logical system and the loops of business processes of the cybersecurity system can be considered 
as another condition for the manifestation of the synergy of the processes under consideration. 
The idea of the spatio-temporal structure of the model basis was proposed by the authors, that 
reflects not only the distribution of the set of models over the corresponding levels of the proposed 
methodology, but also sets the sequence of their interaction. This approach can be considered as 
the closure of a set of conditions for the manifestation of the synergistic properties of the proposed 
methodology for modeling conflict-cooperative interaction between the parties to a cyber conflict. 

2. As aresult of research based on the proposed mathematical models of data protection in the so- 
cial network, determining the resilience of the data protection system and the resilience of the system 
to possible influences, on the basis of which an objective assessment of the balance between informa- 
tion security threats and specific parameters of the social network interaction, external influences and 
protection measures and the amount of data protected. The application of the developed models to 
ensure the protection of information and user data in social networks will allow a new look at existing 
social networks (modernization of their structure, parameters, user interaction) and create new so- 
cial networks that will provide more reliable security of user data while maintaining usage parameters. 
The developed mathematical model for assessing the stability of the information protection system in 
social networks is based on the analysis of the parameters of the behavior of the protection system 
during and after external influences on the data protection system taking into account the dynamics of 
change of influence parameters. The model allows to carry out research of parameters of protection 
of system and to take necessary measures for improvement of system of protection of the information 
taking into account nonlinear interaction of elements of system of protection and external influences. 

3. Practical aspects of the methodology for constructing post-quantum algorithms for asym- 
metric McEliece and Niederreiter cryptosystems based on algebraic and defective codes can signifi- 
cantly reduce the energy costs for implementation, while ensuring the required level of cryptographic 
strength of the system as a whole. The security concept of a corporate information and educational 
system based on the construction of an adaptive information protection system allows ensuring 
the security of information resources and the quality of service for users of an active innovative 
university in the face of targeted modern threats. A significant increase in the speed of systems has 
been achieved (at least 20 times in the speed of formation of a cryptogram), which allows the use 
of conventional personal computing equipment for cryptographic protection of information by such 
systems, while ensuring the required level of cryptographic stability in the post-quantum period. 
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